Legal Notes , Qintesi Data Protection guideline


This Website is owned by Qintesi SpA, with registered office in Via G. Suardi 3, Bergamo (BG) 24124, and operating offices Via Donatello 30, Milan (MI) 20133 and Viale della Stazione n° 9, Marcon (VE) 30020, and it is dedicated to the presentation of the services offered.


Access, browsing and use of the site imply the automatic and complete acceptance of the conditions, illustrated below, by the user. All information and materials contained on this Site are for informational purposes only.


All the content of this Site, such as information, text, data, documentation, communications, logos, images, graphics, photographs, illustrations and any material present, (“Contents”) is owned by Qintesi S.p.A. or third parties, who hold the rights, and is protected by copyright.

None of the Contents may be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means without the prior written permission of Qintesi S.p.A. or third parties who hold the rights.

Where expressed, reproduction of the published material may be granted, exclusively for personal and non-commercial purposes. Any form of use not authorized by Qintesi S.p.A. is prohibited, and will be subject to legal penalties.

Qintesi S.p.A. will attempt to maintain the site with constantly up-to-date, complete and accurate information, but does not provide any guarantee.

Qintesi SpA, therefore, declines any responsibility for any damage deriving from errors/omissions of the material contained, and for direct, indirect accidental, consequential or other facts/damages, that the user or third parties may suffer as a result of access, browsing and use of the site and its contents.

Qintesi S.p.A. declines all responsibility for damages resulting from interruptions, cancellations, viruses, loss of data and/or programs etc. The user must take care to adopt the necessary precautions.

Any material or information (including, but not limited to) texts, images, ideas and technical knowledge that is sent using this site, will not result in a business relationship or provision of professional services. Furthermore, the material will not be considered confidential, and may be reproduced, developed, distributed and marketed in the manner that Qintesi deems appropriate.


“Links” or “hypertext” to other resources, managed by third parties (for example: sites of commercial partners, or their customers), are present in the pages of the site. These websites are not under the control of Qintesi S.p.A, and therefore no judgment or guarantee is issued, and no responsibility is assumed for these services or sites.


Qintesi S.p.A. reserves the right to modify at any time, and without notice, the information contained on the site, and the present Legal Notes governing this site.


This section describes how the site manages the processing of personal data of users who consult it.

This information report is provided pursuant to art. 13 of EU Regulation 2016/679 of April 27, 2016 on the protection of individuals, with regard to the processing of personal data to those who interact with the web services of QINTESI SPA, which are accessible electronically from the address: corresponding to the home page of QINTESI SPA.

The information report is provided only for the site indicated above and not for other websites that may be consulted by the user via links. The Site may contain links to other sites (so-called third-party websites). Qintesi S.p.A does not carry out any control on contents and materials published by or obtained through third-party websites, nor on relative methods for processing personal data, and expressly disclaims any related responsibility for such eventualities. The user has to check the Privacy Policy of third-party sites that are accessed through the Site, and to inquire about the conditions applicable to the processing of their personal data.


Following consultation of this site, data relating to identified or identifiable persons may be processed.

Controllers, in accordance with Article 24 of EU Regulation 2016/679, are:

1) in “co-ownership”, the Chairman Angelo Amaglio and the CEO Alberto Pogna for Qintesi S.p.A, and

2) Sabina Enrica Calvi for Qintesi Technology & Services S.r.l. (Company subject to management and coordination activities by Qintesi S.p.A.)

Any request concerning this information report should be sent by mail to: QINTESI SPA, Bergamo (Italy), Via Gianforte Suardi 3, 24124, or to the following e-mail address:


Personal data are processed in paper and electronic form, and inserted in the company’s IT system for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures have been taken to prevent data loss, illicit or incorrect use and unauthorized access, including European Regulation 679/2016.

Tipi di dati trattati


The provision of some personal data by the user is mandatory to allow the Company to manage communications and requests received by the user, or to contact the user himself to follow up his request. This type of data is marked with an asterisk symbol [*], and in this case the provision is mandatory to allow the Company to follow up on the request which, otherwise, cannot be processed. On the other hand, the collection of other data not marked with an asterisk is optional: not providing data will not entail any consequences for the user.

The provision of personal data by the user for marketing and profiling purposes will occur, in case of consent, with data processing tools that will create your commercial and behavioural profile on the web. These data processing tools relate the data collected during your navigation on the Site to each other, through the use of profiling cookies you previously accepted. Furthermore, such data and/or information will be associated with additional data and/or information already in our possession as a result of your adhesion to our services.

The consent given for these purposes is optional, and the refusal to provide them will have no consequence. Furthermore, this consent is also extended to the following activities:

  • Direct marketing: through automated contact methods (sms, mms and e-mail) and traditional ones (phone calls with an operator or paper mail), by sending promotional and commercial communications relating to services/products offered by Qintesi S.p.A., or reporting of corporate events, or invitations to webinars, as well as carrying out market studies and statistical analyses.
  • Profiled marketing: analysis of your preferences, habits, behaviours, interests inferred, for example, from online clicks on articles/sections of the website ( in order to send you personalized commercial communications and/or carry out targeted promotional actions, through business intelligence.
  • Marketing by third parties (with data communication): sending – with automated contact methods (such as sms, mms e-mail) and traditional ones (such as telephone calls with operator or paper mail) – promotional and commercial communications, advertising material relating to offers of services/products, reporting of corporate events, as well as carrying out market studies and statistical analyses by third parties with respect to the Data Controller/ Data Controllers, to whom the data are communicated.


Qintesi SPA is committed to protecting the security of the user’s personal data, and complies with the security provisions of the applicable legislation in order to avoid data loss, illegitimate or illegal use of data, and unauthorized access to the same. Furthermore, the IT systems and computer programs used by Qintesi SPA are configured in order to minimize the use of personal and identifying data; these data are processed only for the achievement of the specific purposes, pursued on a case-by-case basis. Qintesi SPA uses multiple advanced security technologies and procedures to promote the protection of users’ personal data; for example, personal data is stored on secure servers located in places with secure and controlled access.


The processing operations connected to the web services of this site take place at the Controller, and are only handled by technical staff of the Office in charge of processing, or by persons in charge of occasional maintenance operations.

Navigation data

IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data, whose transmission is implicit in the use of internet communication protocols.

This information is not collected to be associated with identified data subjects, but by its very nature could allow users to be identified, through processing and association with data held by third parties.

This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment.

These data are used only to obtain anonymous statistical information on the use of the site, and to check its correct functioning and are deleted immediately after processing.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message..

Information report for those who send requests of catalogue, information on status of orders, assistance, offers and estimates, or further requests.

Entered data for the request of the brochure, offers and estimates, or other requests, will be processed by paper and automated means, and will be inserted in the archive for subsequent sending, even by email, in order to respond to the request received, and for any subsequent related communications.

Data provided by applicants

Personal data sent spontaneously and contained in the Curricula Vitae will be processed in paper and electronic form and inserted in the company’s IT system, and will be the subject to personnel recruitment for the purposes of assessing the profile, attitudes and professional skills. These data will be kept for a period of time not exceeding 5 (five) years or until cancellation is requested by the candidate, unless a longer retention period is required or permitted by law.


The website uses technical and profiling cookies.
The specific policy regarding the use of cookies is available at the following link: please click here


The data collected by the site are generally not provided to third parties, except in specific cases: legitimate request by the judicial authority and only in the cases prescribed by law; if it is necessary for providing a specific service requested by the User; for performing security checks or site optimization.


We process your personal data only in the presence of one of the conditions envisaged by current legislation.

We process your data mainly on the basis of consent. The granting of consent occurs through the banner placed on the home page of the site, or through the use or consultation of the site, as conclusive behaviour. By using or consulting the site, visitors and users approve this information and consent to the processing of their personal data.

We process your data based on consent even when using our contact form, you accept our Qintesi data protection guideline. The provision of data and therefore consent to the collection and processing of data is optional, the User can refuse consent. However, denying consent may make it impossible to provide certain services, and the browsing experience on the site would be compromised.


There are no transfers to non-EU countries.


Data can be processed by external subjects operating as Controllers such as, for example, authorities and supervisory and control bodies, and in general subjects, even private ones, entitled to request the data, by the local authorities who expressly request data for administrative or institutional purposes to the Controller, in accordance with the provisions of current national and European legislation, as well as by persons, companies, associations or professional offices that provide assistance and advice.

Data may also be processed, on behalf of the Controller, by external subjects designated as data processors pursuant to art. 28 of the GDPR, to which adequate operating instructions are given. These subjects are essentially included in the following categories:

  • companies offering website and information system maintenance services;
  • companies performing management and maintenance services of the Controllers database;
  • companies offering email sending services;
  • company offering marketing automation platform management services


Requests for the exercise of the rights indicated below may be sent to QINTESI SPA by mail to the following address: QINTESI SPA – Bergamo (Italy) Via Gianforte Suardi 4, 24124 or to the following e-mail address:

Right of access by the data subject (Art. 15 of EU Regulation 2016/679)

  1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    • the right to lodge a complaint with a supervisory authority;
    • where the personal data are not collected from the data subject, any available information as to their source;
    • the existence of automated decision-making, including profiling, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 2 of the EU Regulation 679/2016 General Data Protection Regulation – GDPR relating to the transfer.
  3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Right to rectification (Art. 16 of EU Regulation 2016/679)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (‘right to be forgotten’) (Art. 17 of EU Regulation 2016/679)

  1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • the data subject withdraws consent on which the processing is based according to point (a) of Article 6, paragraph 1, or point (a) of Article 9, paragraph 2 of the EU Regulation 679/2016  General Data Protection Regulation – GDPR, and where there is no other legal ground for the processing;
    • the data subject objects to the processing pursuant to Article 21, paragraph 1 of the EU Regulation 679/2016 General Data Protection Regulation – GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21, paragraph 2 of the EU Regulation 679/2016 General Data Protection Regulation – GDPR;
    • the personal data have been unlawfully processed;
    • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
    • the personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of the EU Regulation 679/2016 General Data Protection Regulation – GDPR.
  2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  3. Paragraphs above 1 and 2 shall not apply to the extent that processing is necessary:
    • for exercising the right of freedom of expression and information;
    • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    • ● for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9, paragraph 3 of the EU Regulation 679/2016 General Data Protection Regulation – GDPR;
    • ● for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89, paragraph 3 of the EU Regulation 679/2016  General Data Protection Regulation – GDPR, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for the establishment, exercise or defence of legal claims.

Right to restriction of processing (Art. 18 of EU Regulation 2016/679)

  1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
    • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
    • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
    • the data subject has objected to processing pursuant to Article 21, paragraph 1 of the EU Regulation 679/2016  General Data Protection Regulation – GDPR, pending the verification whether the legitimate grounds of the controller override those of the data subject.
    • Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  2. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.