Quattrogi Ltd. protects the confidentiality of personal data and guarantees its necessary protection against any event that may put it at risk of violation.
As provided for by European Union Regulation No. 679/2016 (GDPR) and Article 13 in particular, please find below the information required by law relating to the processing of your personal data.
Effective date: April 02, 2018
Quattrogi Ltd („us“, „we“, or „our“) operates the http://www.quattrogi.eu website (the „Service“).
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
- Information Collection and Use
Quattrogi Ltd collects several different types of information for various purposes to provide and improve our Service to you.
Quattrogi Ltd, represented pro tempore with registered offices at 45, F. Nansen str. – Sofia (Bulgaria), acts as the Data Controller and can be reached at firstname.lastname@example.org and collects and/or receives information relating to you, such as: Personal Data; Usage Data; Tracking & Cookies Data.
Quattrogi does not require you to supply so-called „private“ data, that is, according to the provisions of the EU Regulation No. 679/2016 (Art. 9), personal data that identifies race or ethnicity, political opinions, religion or philosophy, or any union affiliation, nor any genetic or biometric information used to uniquely identify a physical person, data associated with health or one’s sex life, or sexual orientation. In the event the services requested from Quattrogi require the processing of this data, you will first receive specific notification with a request for your consent.
The Data Controller has nominated a Data Protection Officer (DPO) who can be contacted for any information or requests:
Telephone number: +359 (0)2 8435570
For any information or requests, please contact the following address email@example.com
Telephone number +359 (0)2 8435570
Types of Data Collected
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you („Personal Data“). Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Your professional role, interest and background
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Cookies and Usage Data
In order to fulfill administrative and accounting requirements as well as those connected with the contractual services and products, we may ask banking data (i.e. IBAN and banking/postal account information, etc.).
We may also collect information how the Service is accessed and used („Usage Data“). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking Analytic & Profiling Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Service.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
Use of Data
Quattrogi Ltd uses the collected data for various purposes:
- Registration and contact information, and/or informational materials.
Your personal data is processed to implement preliminary actions and those following a personal meeting or registration request, to manage information and contact requests, and/or to send informational materials, as well as to satisfy any and all other obligations arising herewith. The legal basis for this processing is to provide the services relating to a request for registration, information and contact, and/or the sending of informational materials (i.e. To provide and maintain the Service; To notify you about changes to our Service; To provide customer care and support; To provide analysis or valuable information so that we can improve the Service; To monitor the usage of the Service; To detect, prevent and address technical issues), and to comply with legal requirements.
- Administering the contractual relationship.
Your personal data is processed to implement preliminary actions and those following the purchase of a Service and/or a Product, to manage the applicable order, to perform the Service itself and/or for production and/or shipping of the purchased Product, the associated invoicing and payment management, handling of any returns and/or notifications to the support service and performance of the support itself, fraud prevention, as well as fulfillment of any and all other requirements arising from the contract. The legal basis for this processing is to provide the services relating to the contractual relationship and to comply with legal requirements.
- Promotional activities on Services/Products that are similar to those you have purchased (Clause 47, EU Regulation No. 679/2016)
The Data Controller, even without your explicit consent, may use the contact information you provided for direct sales of its own Services/Products, limited to those Services/Products that are similar to the ones included in the sale, unless you specifically refuse.
- Business promotional activities on Services/Products that are different from the ones you purchased.
Your personal data may also be processed for business promotional purposes, for market research studies involving the Services/Products that the Data Controller offers, but only if you have authorized this processing and have not opposed it.
This processing may occur by the following automated methods:
– telephone contact
and may occur:
- If you have not withdrawn your consent for the use of your data;
- If processing is done through contact with a personal meeting, telephone operator, and you are not registered on the noncall registry;
The legal basis for this processing is the consent you initially granted for the processing itself, which you may freely withdraw at any time (see Section 3).
- Analytics & Profiling
We may use third-party Service Providers (i.e. Google-analytics, Google
Doubleclick, Criteo, Rocket Fuel, LinkedIn, Facebook or others) to monitor and analyze the use of our Services and Activities.
i.e. Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en.
- Links to Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
- Digital Security
The Data Controller, in line with the provisions of Clause 49 of the EU Regulation No. 679/2016 and through its providers (third parties and/or recipients), processes your personal data involving traffic only to the extent strictly necessary and proportional to guarantee security of the networks and the information. This means the capacity of a network or information system to block, at a given level of security, any unforeseen events or illegal or malicious acts that would compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.
The Data Controller will immediately notify you if there is any risk of violation of your data, except for any obligations noted in the provisions of Art. 33 EU Regulation No. 679/2016 associated with notifications of personal data violations.
Your personal data may also be processed for profiling purposes (such as analyzing the transmitted data and the pre-selected Services/Products, suggesting advertising messages and/or business offers in line with user selections) exclusively when you have given explicit and informed consent. The legal basis for this processing is the consent you initially granted for the processing itself, which you may freely withdraw at any time (see Section 3).
- Children’s Privacy
Our Service does not address anyone under the age of 18 („Children“).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Transfer of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside Bulgaria and choose to provide information to us, please note that we transfer the data, including Personal Data, to Bulgaria and process it there.
Your personal data is communicated mainly to third parties and/or recipients whose activity is necessary to perform the activities relating to the contract established or your technical request, and to meet certain legal requirements, such as:
|Types of recipients||Aims|
|Companies belonging to Termogamma Group (“Termogamma Group”);||Fulfillment of administrative and accounting requirements as well as those connected with the contractual services and products;|
|Third party providers, partners and companies belonging to Termogamma Group*;||Performance of activities (assistance, maintenance, delivery/shipping of products, performance of additional services or technical supports) associated with the requested service or product;|
|Public Agencies, Legal Authorities, Financial Administration, Supervisory and Oversight Authorities;||Fulfillment of legal requirements, protection of rights; lists and registries held by Public Authorities or similar agencies based on specific regulations relating to the contractual service;|
|Formally mandated subjects or those with recognized legal rights;||Legal representatives, administrators, guardians, etc.;|
|External professionals and consulting companies;||Fulfillment of legal requirements, exercising rights, protecting contractual rights, credit recovery;|
|Credit and electronic payment institutions, banks/post offices.||Managing deposits, payments, reimbursements associated with the contractual service.|
The Controller will not transfer your personal data to countries outside the European Union where there is not an adequate level of data protection, whether by its domestic legislation or of the international commitments it has entered into (Article 45 and 46, EU Regulation No. 679/2016).
*The Controller requires its own third party providers and Data Processors to adhere to security measures that are equal to those adopted for you by restricting the Data Processor’s scope of action to processing directly related to the requested service or activity.
Disclosure of Data
Quattrogi Ltd may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of Quattrogi Ltd
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
Security of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
- Data Processing
If you do not provide your identification information as needed to perform the requested service
The collection and processing of your personal data is necessary to fulfill the activity requests as well as to perform the Service and/or supply the requested Product. Should you fail to provide your personal data as expressly required, the Data Controller will not be able to carry out the processing associated with managing the requested services and/or the contract and the Services/Products associated with them, nor fulfill the operations dependent on them.
If you do not provide the consent for processing personal data for the business promotion activities on Services/Products that are different from those purchased
When you do not give your consent to the processing of your personal data for these purposes, the processing will not be implemented for these specific purposes, but it will not affect the performance of the requested services or those for which you have already given your consent, if requested. In the event you have given consent and later withdraw it or oppose the processing for business promotional activities, your data will no longer be processed for these activities, although this will not create negative effects or consequences for you or the services requested.
Where we process your data
Your data is stored in hard copy, electronic and remote archives located in countries where the EU Regulation No. 679/2016 is applicable.
How we process your data (Article 32, EU Regulation No. 679/2016)
The Data Controller makes use of appropriate security measures to preserve the confidentiality, integrity and availability of your personal data, and requires the same security measures from third party providers and the Data Processors.
How long your data are stored (Article 13, paragraph 2a, EU Regulation No. 679/2016)
Unless you explicitly express your own desire to remove it, your personal data will be stored until required for the due purposes for which it was collected.
In particular, the data will be stored for no longer than a maximum period of 36 (thirty six) months of inactivity, that is, within this time period, there have not been any kind of Interaction or Service and/or Product purchased.
For data provided to the Data Controller for the purposes of business promotion for services other than those you have already purchased, for which you initially gave consent, it will be stored for 36 (thirty six) months, except when such consent is withdrawn.
It is also important to add that, should the user forward to Quattrogi Ltd personal data that has not been requested or that is unnecessary for the purposes of performing the activities requested, or for the performance of services strictly connected thereto, Quattrogi Ltd cannot be considered controller of this data and will proceed to delete it as soon as possible.
Regardless of your determination to remove the data, your personal information will in any case be stored to comply with obligations (e.g. tax and accounting purposes) which may continue even after termination of the contract; for these purposes, the Data Controller shall retain only the data necessary to complete these activities.
For those cases where the rights arising from the contract and/or registration are used in the courts, your personal data, exclusively required for these purposes, shall be processed for the time necessary to complete them.
- Rights of the person concerned
You have the right to obtain the following from the Data Controller (Articles 15-20, EU Regulation No. 679/2016):
- a) Confirmation on whether your personal data is being processed and if so, to obtain access to your personal data and the following information:
- The categories of personal data in question;
- The purposes of the processing;
- The recipients or categories of recipients that have received or will receive your personal data, in particular if these recipients are in third party countries or are international organizations;
- When possible, the anticipated storage period of your personal data or, if not possible, the criteria used to determine this period;
- Whether you have the right to ask the Data Controller to correct or delete your personal data or the limits on processing your personal data or to oppose the processing of the data;
- The right to lodge a complaint with a supervisory authority;
- In the event the data is not collected from you, all of the information available regarding its origin;
- Whether there is an automated decision process, including profiling, and, at least in these cases, significant information on the logic used, as well as the importance and consequences to you for this processing;
- The suitable guarantees provided by the third party country (outside EU) or international organization to protect any transferred data.
- b) The right to obtain a copy of the personal data processed, again given that this right does not affect the rights and freedoms of others; for extra copies requested by you, the Data Controller may assign a reasonable fee based on administrative costs.
- c) The right to edit any of your incorrect personal data from the Data Controller without unjustified delay.
- d) The right to have your personal data deleted by the Data Controller without unjustified delay, if there are the reasons outlined in the EU Regulation No. 679/2016, Art. 17, including, for example, if the data is no longer needed for processing or if the data is considered illegal, and again, if there are no conditions outlined by law; and in any case, if the processing is not justified by another equally legitimate reason.
- e) The right to obtain limits on the processing from the Data Controller, in those cases outlined in Art. 18 of the EU Regulation No. 679/2016, for example where you have disputed the correctness, for the period necessary for the Data Controller to verify the data’s accuracy. You must be notified, within an appropriate time, even when the suspension period has passed or the cause of limiting the processing has been eliminated, and therefore the limitation itself has been withdrawn.
- f) The right to obtain information from the Data Controller on the recipients who have received the requests for any corrections or deletions or limits on the processing implemented, except when this is impossible or would create a disproportionate effort.
- g) The right to receive your personal data in a structured format, commonly used and readable by automatic devices as well as the right to forward this data to another Data Controller without obstruction from the original Data Controller, in those cases outlined by Art. 20 of the EU Regulation No. 679/2016, and the right to obtain direct forwarding of your personal data from one Data Controller to another, if technically feasible.
For further information and to send your request, contact the Data Controller at firstname.lastname@example.org. To guarantee that the rights noted above are exercised by you and not by unauthorized third parties, the Data Controller may require you to provide other information necessary for this purpose.
How you can oppose the processing of your personal data (Art. 21, EU Regulation No. 679/2016)
For any reason associated with your particular situation, you may at any time oppose the processing of your own personal data if it is based on legitimate reasons or if it is done for business promotional activities, by sending a request to the Data Controller at email@example.com. You have the right to have your own personal data deleted if the Data Controller has no legitimate reason prevailing over such request, and in any case, where you have opposed the processing for business promotional activities.
Who you can lodge a complaint with (Art. 15, EU Regulation No. 679/2016)