Privacy Policy


According to the law, the processing of personal data by CSQA Certificazioni S.r.l. will be based on principles of correctness, lawfulness, transparency and protection of privacy and rights of the data subject. As required by the European Union Regulation no. 679/2016 (GDPR), and in particular by art. 13, you can find below the information required by law concerning the processing of your personal data.

The Data Controller is CSQA Certificazioni S.r.l. (CSQA) with registered office in via S. Gaetano 74, 36016 Thiene (VI), VAT number 02603680246. CSQA has appointed the Data Protection Officer (DPO) who can be contacted via PEC at
Personal data (name, surname, identification document number and copy, phone number, e-mail address, etc.) will be processed for the following purposes:
  • purposes related to contractual obligations, for activities connected and necessary to the execution of the contractual terms and other contractual obligations, of the statute or general regulations that must be followed in the execution of the services provided by CSQA;
  • processing purposes relating to the institutional functions exercised by CSQA and the related legal obligations;
  • purpose of communicating information concerning the problems related to the services provided;
  • processing purposes connected to the VAT regulation (VAT tax register, etc.);

CSQA does not require the Interested Party to provide “special data”, or, according to the provisions of the GDPR (Article 9), personal data revealing the racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person. In the event that the service requested from CSQA imposes the processing of such data, the interested party will receive prior notice and will be required to give appropriate consent.

Please note that the provision of data for the purposes of the processing as described above is mandatory and failure to provide them, or partial or inaccurate provision may have, as a consequence, the inability to perform the activity and preclude CSQA from fulfilling its contractual obligations.

The processing will be carried out with manual and / or computerized and telematic tools with organizational and processing logics strictly related to the purposes and in any case in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with organizational and physical measures and logics set by the provisions in force.

Data may be transmitted to external, national, European or international subjects, whose processing is necessary based on the requested services or on the basis of contractual, tax or regulatory obligations. Personal data may also be processed by employees or collaborators of our organization, as well as by companies in our group or by companies that perform outsourcing activities, including management of websites or cloud computing services, external suppliers, professionals and consultants in compliance with the requirements of the GDPR.

All our employees and collaborators have signed a commitment to professional ethics and confidentiality. CSQA imposes on Third Party suppliers and Data Processor the respect of security measures equal to those adopted towards the interested party, restricting the action of the Processor to the processing related to the requested service. The personal data of the interested party are stored in paper, computer and electronic archives located in countries where the GDPR (EU countries) is applied. Personal data will not be disseminated, nor will it be transmitted to third parties for advertising or marketing purposes without the explicit consent of the interested party. Automated decision-making processes for personal data will not be used.

Personal data are kept for the period necessary for the performance of the requested activities and in any case not exceeding 10 years, unless legally required.

You can, at any time, exercise the rights to:
  • access to personal data;
  • obtain the correction or cancellation of the same or the limitation of the treatment that concerns him;
  • to oppose the treatment;
  • data portability;
  • to revoke the consent, where provided: the withdrawal of consent does not affect the lawfulness of the treatment based on the consent granted before the revocation;
  • to propose a complaint to the supervisory authority (The Italian Protection Authority is “Garante Privacy”).

The aforementioned rights can be exercised by written communication to be sent by PEC to the address or a registered letter with acknowledgment of receipt to CSQA Certificazioni Srl, via S.Gaetano 74, 36016 Thiene (VI).