Privacy Policy


pursuant to articles 13 and 14 of the (UE) Regulation 2016/679

This information is provided in compliance with the European General Regulation on the Protection of Personal Data EU 2016/679 (“GDPR”) and subsequent amendments and/or additions as well as national legislation or regulations on the processing of personal data from time to time applicable (“Privacy Regulations”) to ensure that the processing of personal data is carried out in compliance with the rights and freedoms of individuals with particular regard to the protection of personal data.

The term “personal data” means any information relating to a natural person, identified or identifiable, even indirectly, with reference to any other information, including a personal identification number.

The term “processing” means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

The term “data subject” means the natural person to whom the personal data relate.



1. Data Controllers and/or Joint Data Controllers

The companies (“Companies“) of the Impresoft Group (“Group“), listed below, process, depending on the specific purposes pursued and indicated in this information notice, the personal data of data subjects independently or jointly pursuant to European Regulation 2016/679 (“GDPR“).


Formula Impresoft S.p.A., registered office Via Bisceglie 76, Milano, CF. and P.I. 05488960013, in the person of the legal representative Giuseppe Rossano Ziveri; email address:


Qualitas Informatica S.p.A., registered office Via Marco Dalla Vecchia, 12, Santorso (VI), CF. and P.I. 01833260241, in the person of the legal representative Sergio Gasparin; email address:


4ward S.r.l., registered office in Via del Vigneto 33, Bolzano, CF. and P. I. 03408060964, in the person of the legal representative Christian Carlo Alberto Parmigiani; email address:


NextTech S.r.l., registered office Piazza San Nicolò,15 30034 Mira (VE) CF. and P.I. 05488960013, in the person of the legal representative Mauro Dal Corso; email address:


OpenSymbol S.r.l., registered office in Via Vecchia Ferriera, 5 Vicenza (VI), CF. and P.I. 03184500241, in the person of the legal representative Enrico Maggi; email address:


Next CRM S.r.l., registered office in Via Rossini, 6, Vicenza (VI), CF and P.I. 04119450247, in the person of the legal representative Luigi Mattiazzi; email address:


below, disjunamente the/le Owner/i or jointly the Co-owners.

The aforementioned companies act as autonomous Data Controllers for the purposes referred to in paragraph 3. They may also act as Joint Controllers with regard to the processing of data for commercial purposes in the broad sense and marketing as specified in paragraph 4 below, having jointly determined the purposes, methods and means of processing through the conclusion of a specific agreement pursuant to art. 26 of the GDPR.

The Joint Data Controllers, in order to facilitate the relations between the data subjects and each Data Controller, have identified the Group’s common email address, in addition to that of each Company:



2. Sources and types of data processed

The personal data processed by the aforementioned Data Controllers are collected directly from/from the website/internet of the individual Data Controllers or from the Group’s website, from the web services contained therein (c.d. digital touch points)or at events organized by the Data Controller also at third parties such as, for example, commercial partners, and possibly enriched with information available through specific services, Private Company Databases (Linkedin, Creditsafe, etc.) or publicly through consultation of Public Registers, C.C.I.A.A..

In the event that the Data Controller acquires data from external companies for the purposes of commercial information, market research, direct offers of products and services, information will be provided at the time of registration of the data or, no later than the first possible communication.

The data processed by the Data Controllers may include personal information and contact information (name, surname, email address, telephone number, address, role, company name, etc.). In addition, in the fulfilment of specific obligations relating to the management of the relationship (such as, for example, mandatory communications to the Authorities), as well as in the course of its business activity, It may happen that the Data Controllers treat particular categories of data pursuant to art. 9 GDPR and judicial data pursuant to art. 10 of the GDPR.

As regards the activity carried out by Qualitas Informatica S.p.A. as Data Controller, it collects and processes both personal data provided directly and voluntarily by the data subjects, and some personal data from public registers, lists and archives or contained in documents or documents that can be ascertained by anyone (held, for example, by Chambers of Commerce or at the Revenue Agency) or otherwise generally accessible (as derived, for example, from categorical lists, press reports and websites accessible to anyone), and also through the use of cookies, own or third parties.

The sending of data by the interested party is optional. Any personal data provided to Qualitas Informatica S.p.A. involves its subsequent acquisition and processing of the same according to the law and this Policy. The interested party assumes responsibility for any personal data of his own and/ or third parties published or shared and guarantees to have the right to communicate them, freeing Qualitas Informatica S.p.A. from any liability to third parties.



3. Purpose and legal basis of the processing carried out by the Data Controller

The Data Controllers process the personal data of the data subject where such processing has a legal basis or falls within their legitimate interests and does not affect the protection of data or fundamental rights and freedoms of the data subject. The legitimate interests of the Owners are aimed at maintaining, providing and improving their technology, products and services and ensuring the safety of these.

Each Data Controller, except for specific cases of co-ownership as set out below, may process the personal data of the data subject for the purposes of processing listed below:

  1. Purposes strictly connected and instrumental to the establishment and management of a contract to which the interested party is a party pursuant to art. 6 comma 1 lett. b) GDPR. For the aforementioned purpose, personal data will be processed by the companies of the Impresoft Group. The provision of personal data does not require consent, but is necessary to perfect, execute or continue the contractual relationship with the Owners.
  2. Management of relationships with the interested party resulting from his requests to use the services/ content offered within the site of the Owners. The provision of personal data is not mandatory, but the refusal to provide them may make it impossible for the interested party to obtain the services and/or products and/or content requested, access to other initiatives offered through the site, receive the features, the answers, the information and the informative material requested to the Owners. Their processing requires the User’s consent.
  3. Fulfillment of legal obligations, regulations, Community legislation, provisions issued by authorities legitimized by law or by supervisory and control bodies (pursuant to art. 6 paragraph 1 lett. c) GDPR. The provision of personal data for the purposes referred to in this point is mandatory and the related processing does not require consent.
  4. Purpose of business analysis: to improve the business and its services (e.g. recognition of the degree of customer satisfaction on the quality of services rendered and on the activity carried out by the Company, the development of studies and market research). The provision of personal data is not mandatory and the related processing does not require consent for existence of legitimate interest of the Owners to carry out business analysis activities.
  5. Marketing purposes for the promotion and sale of products and services similar to those already purchased by the interested party (c.d. soft spam), through commercial communications also of specific interest of the interested party. The provision of data is not mandatory and their processing does not require consent for the existence of legitimate interest of the Data Controllers pursuant to art. 6 par. 1 lit. f) GDPR to carry out marketing activities to its customers.
  6. Own marketing purposes, through commercial communications also customized/ of specific interest. The provision of data is not mandatory and their processing requires consent, freely expressed and revocable at any time as described below (“Your rights”). Failure to provide personal data by the interested party would make it impossible to improve the offer of products and/or services of the Owners in order to make them conform to the preferences of the interested parties, but will not have any consequence on the possibility for the interested party to consult the site in areas with anonymous access. However, the interested party may not receive information on the products and/ or services offered by the Owners.
  7. Site/i management (statistical analysis). The provision of personal data is not mandatory and their processing does not require consent for the existence of legitimate interest of the Data Controllers pursuant to art. 6 par. 1 lit. f) GDPR to the management of its website.
  8. Personnel selection and search activities carried out for own business needs. The provision of personal data is not mandatory, but the refusal to provide them may prevent Data Controllers from assessing the professional profile of the data subject for the purpose of establishing an employment relationship. The related processing requires the consent of the data subject.
  9. Judicial defence: if necessary to establish, exercise or defend their rights in court. The provision of personal data is mandatory and the related processing does not require consent.

If additional purposes are added to the processing of the data than those indicated above, specific additional information will be provided that will describe in detail the type of data processed in relation to these additional purposes.



4. Treatments carried out under the co-ownership regime

The Joint Controllers, as identified in paragraph 1 of this disclosure, have entered into a Joint Controllers Agreement pursuant to Article 26 of the Regulation.

The Data Controllers, through the aforementioned agreement, intend to jointly process the data collected in the exercise of their activities for the commercial purposes of managing their customers and marketing. Specifically, these activities are aimed at:

The provision of data for marketing purposes is optional and the related processing is subject to the legitimate prerequisite of consent. Failure to consent to the processing will not allow the promotion activity indicated, but will not prejudice in any way the data subject.

For the aforementioned commercial and marketing purposes, the Joint Controllers have also jointly determined the modalities of processing under the specific agreement and have defined, in a clear and transparent manner, the procedures to provide timely feedback to the interested party should he wish to exercise his rights, as set out below in art. 9 of this information, as provided for in Articles 15, 16, 17, 18 and 21 of the Regulation as well as in cases of portability of personal data provided for in Article 20 of the Regulation.



5. Place and manner of processing of personal data

In relation to the stated purposes, the processing of personal data takes place through manual, computer and telematic tools with logic strictly related to the purposes themselves and, in any case, in order to ensure the security and confidentiality of the data.
Qualitas Informatica S.p.A. will process the personal data of the interested party exclusively with technical personnel in charge of such processing, with mainly automated and computerized methods, suitable to guarantee, in relation to the purposes for which the data are processed, security and confidentiality, as well as to avoid unauthorised access to the data. Qualitas Informatica S.p.A. does not execute automated decision-making processes.

The processing of the data collected takes place at the offices of Qualitas Informatica S.p.A.

The data may also be stored at Brennercomm datacenters located in Trento and Bolzano, and/or on public cloud/Saas environments, such as non-exhaustive Microsoft, Google, Amazon, Hubspot.



6. Retention of personal data

The personal data of the interested party will be stored only for the time necessary to achieve the purposes for which they are collected, in compliance with the principle of minimization pursuant to art. 5.1.c) GDPR and, with reference to promotional and marketing purposes until the withdrawal of consent to the processing.

In particular, with regard to the processing for marketing purposes, in the absence of specific regulatory or regulatory indications, the data will be processed and stored (except opt-out or revocation) for an adequate time in relation to the interest expressed by the person to whom the data refers towards the initiatives of the Data Controller. In any case, the data subject may always request the interruption of the processing or the deletion of his data, as provided below.

The Data Controller may retain certain data even after the termination of the relationship according to the time necessary for the management of specific contractual or legal obligations as well as for administrative purposes, tax and/or contribution period imposed by laws and regulations in force, as well as for the time necessary to enforce any rights in court.
In any case, the data are processed as well as in compliance with current legislation, according to the standards of confidentiality to which the Data Controllers have always been inspired.

Qualitas Informatica S.p.A. with regard to its activities, keeps the data for the time necessary to perform the service requested by the interested party, or for the pursuit of the purposes described in this statement.

The storage times will vary depending on the type of data processed, but, in general, Qualitas Informatica S.p.A. refers to these criteria to determine the storage period:


Once there is no need and/or obligation to process the personal data of the data subject, Qualitas Informatica S.p.A. will delete or make them anonymous or, if this is not possible (for example, because personal data have been stored in backup archives), to keep them securely, anonymizing them and excluding them from any further processing until their cancellation.



7. Categories of persons to whom the data may be communicated

The Data Controllers may communicate the personal data of the data subjects to third parties, in compliance with legal obligations.

With specific consent, the Data Controllers may communicate personal data to third-party companies (not members of the Group) that will treat them as independent data controllers, for the purposes of commercial information, statistical surveys, market research, direct offers of their products and services.
The Data Controllers may communicate the personal data of the interested party to third parties who will act as independent Data Controllers or will be designated Data Processors and are essentially included in the following categories:


The updated list of persons to whom the personal data of interested parties may be communicated and/or transferred is available at Qualitas Informatica S.p.A. by contacting us at:

The data of the interested party will not be communicated, disclosed or sold to third parties or used for purposes other than those mentioned above, unless prior communication and express consent of the interested party, where necessary.



8. Transfer of data extra UE

Any transfer of data to non-EU third countries for the purposes indicated in points 3 and 4 above, may take place, in compliance with the methods permitted by law and in particular according to the provisions of the GDPR referred to in: i) to art. 44 – General principle for transfer; ii) to art. 45 – Transfer on the basis of an adequacy decision; iii) to art. 46 – Transfer subject to adequate guarantees; iv) to art.49 – Exceptions in specific situations.


The data can therefore be transferred:



9. Rights of the data subject

According to Art. 15-22 GDPR, the interested parties are granted specific rights. In particular, the data subject may obtain from the Data Controllers: access, rectification, cancellation, restriction of processing, withdrawal of consent and portability of data concerning him or her. The data subject also has the right to object to the processing for legitimate reasons and/or for commercial purposes.

The Owners undertake to reply as soon as possible to the interested party after verifying their identity.

In the event that the right of opposition is exercised, each Data Controller and/or the Joint Data Controllers reserve the right not to proceed with the request, and therefore to continue the processing, where there are statutory legitimate grounds for processing that override the interests, rights and freedoms of the data subject.

The above rights may be exercised both towards the individual Owners and jointly towards the Co-owners by sending a written communication to the following e-mail addresses:


Impresoft Group:

Formula Impresoft S.p.A.:

Qualitas Informatica


NextTech S.r.l.:

OpenSymbol S.r.l:

Next CRM


The data subject is informed that, pursuant to art.12 of the GDPR, if the requests of the interested party are found to be manifestly unfounded or excessive, in particular for their repetitive nature, the Data Controllers may: a) charge a reasonable fee, taking into account the administrative costs incurred in providing the information or communications or taking the action requested or b) refusing to comply with the request.

The data subject also has the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data



10. Links to other websites

The site may contain links to other websites. However, once the interested party has used these links and leaves this site, Qualitas Informatica  will have no control over the other websites. Qualitas Informatica S.p.A. will not be responsible in any way for the protection and confidentiality of the information provided when visiting these other sites. It is advisable to read carefully the privacy policy applicable to the site in question.



11. Responsibility of Qualitas Informatica S.p.A.

Without prejudice to the fact that Qualitas Informatica S.p.A. undertakes in every way to ensure that the information contained in this site is accurate, it does not guarantee the completeness of the information on it.

Qualitas Informatica S.p.A. also cannot guarantee that the servers are free from errors, viruses or bugs, which is why it is the responsibility of the interested party to provide appropriate measures for the protection against such threats. We recommend scanning all files before downloading.

In no case may Qualitas Informatica S.p.A. be held liable for any accidental, indirect, consequential or special damages of any kind, including, without limitation, those resulting from loss of profit, loss of contracts, or relating to goodwill, data, information, income, or business relationships, even if not known or knowable, arising from or in connection with the use of this website or other linked sites.



12. Changes to this privacy policy

Qualitas Informatica S.p.A. reserves the right to make changes to this policy at any time by giving notice to interested parties on this page. In case of non-acceptance of the changes made to this policy, the interested party is required to cease using this site and may request Qualitas Informatica S.p.A. to remove their personal data. Unless otherwise specified, an information notice will continue to apply to personal data collected during its validity.


Last updated: August 2021

Our NET@PRO Manifacturing Execution System contributes to the success of