in accordance with the provisions of art. 13 of the Regulation (EU) 2016/679

In accordance with the provisions of art. 13 of the Regulation (EU) 2016/679 (“GDPR”), Q.F.A. S.r.l. provides users of the website with the following information in relation to the processing of their personal data.


The Data Controller of the personal data collected through this Website is:

  • Q.F.A. Srl
  • VAT 08538680011
  • Headquarter Via Spagna 4 10093 – Collegno (TO)
  • Registered office Corso Matteotti 44, 10121 Torino
  • Email
  • PEC
  • Phone +39 011 733 109 – +39 011 455 74 14


While browsing the Website, Q.F.A. S.r.l. may acquire the following data/information:

  • Data provided voluntarily by the user: these are data and/or information provided by the user through the contact details on the Website (name, surname, address, email address, telephone, tax code).
  • Browsing data collected through cookies: for more information, please refer to the extended cookie policy.


In compliance with the art. 6 of the GDPR, personal data will be used to:

  • respond to any user requests received through the use of the contact details available in the dedicated sections of the Website (legal basis: execution of pre-contractual measures, art. 6 letter b of the GDPR);
  • fulfill the obligations established by EU and national regulations (legal basis: legal obligation, art. 6 letter c of the GDPR)
  • prevent and suppress any fraud and/or any other illegal activity (legal basis: legitimate interest, art. 6 letter f of the GDPR).

The Data may be processed for the following purposes only with the express consent of the User (which can be withdrawn at any time):

  1. Send promotional information and commercial offers, e.g. through newsletters (legal basis: consent, art. 6 letter a of the GDPR).
    The consent given to the sending of promotional information can also be withdrawn using the “unsubscribe” link included in the footer of the emails or by contacting the Data Controller (see the paragraph “User rights”)
  2. 3. obtain anonymous statistical information on the use of the Website, check its correct functioning and identify actions aimed at its improvement on the basis of navigation data (legal basis: consent, art. 6 letter a of the GDPR)

The provision of data is optional. However, failure to provide data may make it impossible to provide the services and the requested information and the browsing experience of the Website could be compromised.


Out the processing of personal data in compliance with the principles of The Data Controller carries lawfulness, correctness and transparency (art. 5 GDPR). The processing of personal data is carried out by specifically authorized personnel, also through the use of IT and telematic tools suitable for guaranteeing data security. Personal data is protected by technical and organizational measures to ensure adequate levels of security and confidentiality in accordance with the provisions of articles 25 and 32 of the GDPR.


The Data Controller does not carry out treatments that consist of automated decision-making processes.


In compliance with the provisions of art. 5 of the GDPR, personal data will be kept for the period of time strictly necessary for the purpose for which they were acquired. In particular, the retention period of the data collected through requests received for the contact details on the Website is strictly limited to the time necessary to process the user’s request, also taking into account how the commercial relationship will eventually evolve following the contacts; in any case, in the absence of further developments, the data will be kept for 6 months from the last expression of interest by the user.

Navigation data, these will be kept for a maximum of one year; while the data collected through cookies will be kept for a period of time not exceeding that indicated in the extended cookie policy.

Data processed for marketing purposes may be lawfully kept for 2 years from the moment consent was given, unless the user previously communicates his/her wish to revoke consent for this purpose by clicking on the unsubscribe button in the communications, or by contacting the data controller (see the “User rights” paragraph)..


Personal data will not be disclosed and may be known and processed by employees / collaborators in charge of managing the Website and/or involved in responding to requests that may be received through the contact details indicated on the Website. The data may be communicated to the following recipients:

  • third parties who carry out certain processing activities on behalf of the Data Controller, such as activities of a technical and/or organizational nature, including the activities of managing the IT system, telecommunications networks, including e-mail (e.g. hosting services, IT services, web analytics services); and advertising and communication services (e.g. marketing research, market surveys, opinion polls);
  • competent authorities (public entities or judicial authorities) for the fulfillment of legal obligations and/or provisions of public bodies, upon request (e.g. to prevent or suppress the commission of a crime).

These subjects process personal data as independent Data Controllers or Data Processors. The Data Controller provides the aforementioned subjects only with the information necessary for the performance of the requested services.

The updated list of Data Processors is available upon request to the Data Controller.


The personal data collected could be transferred abroad to European Union countries and/or to non-EU countries in compliance with the limits and conditions set out in EU Reg. 2016/679 for the protection of personal data. In case of transfer, the data will be transferred in compliance and within the limits established by the GDPR in articles 44 (General principle for transfer), 45 (Transfer based on an adequacy decision) and 46 (Transfer subject to adequate guarantees) on the basis of:

  • adequacy decisions of the European Commission issued in favor of third countries;
  • adequate guarantees expressed by the recipient third party;
  • binding corporate rules.


The current legislation on data protection attributes specific rights to the Data Subject, who, to exercise them, can contact the Data Controller directly and at any time.

The data subject may exercise the rights provided by the GDPR (articles 15-22), including:

  • receive confirmation of the existence of personal data and access their content (right of access);
  • update, modify and/or correct personal data (right of rectification);
  • obtain the erasure or restriction of processing of personal data processed in violation of the law (right to be forgotten and right to erasure);
  • object to processing of personal data (right to object);
  • lodge a complaint with a Supervisory Authority (Garante per la protezione dei dati personali in the event of a violation of data protection legislation;
  • receive an electronic copy of personal data concerning him as Data Subject, and request that such personal data be transmitted to another data controller (right to data portability).

To exercise these rights, the Data Subject can contact the Data Controller by sending a communication to:

  • Q.F.A. Srl
  • VAT 08538680011
  • Headquarter Via Spagna 4 10093 – Collegno (TO)
  • Registered office Corso Matteotti 44, 10121 Torino
  • Email
  • PEC
  • Phone +39 011 733 109 – +39 011 455 74 14


The Data Controller reserves the right to modify, update, add or remove parts of this privacy policy at its discretion and at any time. The Data Subject is required to regularly consult this section to verify the publication of the most updated version of the policy.

Date of last update: September 2023