This is to inform you that the processing of your personal data is carried out at our company in full compliance with current national legislation of the European Union regarding the processing of personal data.

In accordance with art. 13 and 14 of the EU REGULATION 2016/679 we would like to inform you that:

1. The data controller is Sotras S.r.l. in the person of the legal representative pro-tempore, with registered office in Via Donatello, 13 - 10071 - Borgaro (TO) Italy.

2. The data processor is è Alessandro Quaglino, Telefono: 0112622222, Email:

3. Responsible for the protection of data processing (so-called Data Protection Officer) The appointment, for the company indicated above, is not foreseen because the treatment carried out does not fall within the cases referred in art. 37 of Reg. 2016/679;

4. Purpose of data processing: Personal data are processed during business routines for the following purposes:
- exclusively intended for the fulfilment of contractual obligations or in order to obtain pre-contractual information and information about requests for supplies or services.
- connected with the obligations provided by laws, regulations and Community legislation as well as by provisions issued by authorities empowered to do so and by supervisory and control bodies, as well as obligations in tax and accounting matters;
- for communication activities, also with commercial nature.

5. Category of data collected: The data collected falls within the category of personal identification data (personal data, social security number or VAT number, details of identification documents) closely related and instrumental to the management of relations with customers and suppliers (such as acquisition of preliminary information for the conclusion of contract, execution of transactions based on the obligations arising from the concluded contract, compliance with tax and accounting obligations, etc. ...). The category of special data is also included, referred to art. 9 of Reg. 2016/679, exclusively for the fulfilment of legal obligations.

6. Data processing methods: Data processing is carried out by IT, telematic and paper tools with logics strictly related to the purposes and, in any case, in order to ensure the security and confidentiality of the data. In particular, we inform you that your data are:
- treated lawfully, fairly and transparently;
- collected for the purposes set out above, when they are explicit and legitimate, and not further processed in a way incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimization");
- accurate and, where necessary, kept up to date, delated and/or updated;
- kept in a form which allows their identification for no longer than is necessary for the purposes for which they are processed;
- processed in a way that ensures adequate security of personal data, including the protection, by appropriate technical and organizational measures, against unauthorized or unlawful processing and against accidental loss, destruction or damage

7. Communication of data: In order to achieve the purposes indicated above, your data may be communicated for the purposes indicated in point 4 to legal; designers; companies that acquire, register and process data contained in documents or tools for the editing of texts, terms of contract and agreements; companies, including those for IT, in order to manage electronic devices for the procedures related to the storage of data, printing of correspondence and management of incoming and outgoing mail; companies responsible of fraud control, credit recovery and detection of credit and insolvency risks; Public Administrations, in according to law; all those involved in banking, financial and insurance services; service companies for the management of the company's information system; companies that transmit, envelope, transport and sort communications activities; studies or companies in the context of assistance and consultancy tasks; Supervisory Board; Quality System Certification Bodies; Audit Board; entities who carry out control, audit and certification obligations on the activities carried out by the company; entities to whom the communication is necessary or functional for the correct fulfilment of the contractual obligations undertaken, as well as the obligations deriving from the law or who have access to personal data by virtue of regulatory or administrative provisions; accountants and procuring entities.
The complete list of those responsible is available at the company headquarters and to find it, simply contact the Owner indicated above.

8. Dissemination of data: Personal data are not subject to disclosure.

9. Transfer of data abroad: Your personal data may be transferred outside your national country in accordance with the provisions of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.

10. Compulsory / facultative data provision: Considering the personal autonomy of the person concerned, the provision of personal data, both common and falling into particular categories, may be:
- compulsory in relation to the obligations provided by laws, regulations and legislation of the European Union, as well as by provisions issued by authorities entitled to do so and by supervisory and control bodies, as well as obligations in tax and accounting matters;
- essential to the conclusion of new relationships or to the management and execution of contractual relationships in place or in the process of being established.

11. Refusal to provide data: The potential refusal by the person concerned to provide personal data for the purposes indicated in paragraph 4 letter a) b) c) of this information means that it is impossible to proceed with the conclusion of new relationships or to the management and execution of contractual relationships.

12. Data retention period: The personal data concerning you will be kept in a form that allows your identification for a period of time no longer than the achievement of the purposes for which they are processed, and in compliance with legal obligations regarding the time of data retention (tax assessments and prescription periods for the exercise of rights).

13. Rights of the interested party: You may contact the data controller in order to assert your rights, as provided by the Regulations, and in particular you have the right to:
a) request the access, updating, delating and the restriction of personal data concerning him, in addition to the right to have the data portability;
b) lodge a complaint with a supervisory authority;
c) know the source of the personal data and, where appropriate, whether the data originate from available public sources;
d) obtain from the data controller confirmation as to whether or not personal data concerning him are being processed and, if so, to obtain access to the personal data and to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the targets or categories of targets to whom the personal data have been or will be disclosed, in particular if they are targets in third countries or international organizations;
- where possible, the envisaged period for retention of the personal data or, if that is not possible, the criteria used to determine that period;
e) request (to the data controller) to correct or delete personal data or to restrict the processing of personal data concerning him or to object to their processing;
f) know, where the data are not collected from the person concerned, all available information on their origin, on the existence of an automated decision-making process, including profiling, and, at least in such cases, meaningful information on the logic used, as well as on the importance and the expected consequences of such processing for the person concerned;
g) obtain from the data controller the rectification of personal data relating to him which are inaccurate without undue delay;
h) obtain, taking into account the purposes of the processing, the integration of incomplete personal data, providing a supplementary statement;
i) obtain from the data controller the delating of personal data relating to him without undue delay;
j) obtain from the data controller the limitation of the data processing when he contests the accuracy of the personal data, or has opposes the cancellation of the data, or - although the data controller no longer needs it for the purposes of the treatment - the data are necessary to the interested party for the check, the exercise or the defense of a right in judicial proceedings, or has opposed the treatment carried out by the data controller for the pursuit of his own legitimate interest;
k) receive the personal data concerning them in a structured format, in common use and readable by an automatic device, and to transmit such data to another data controller without obstacles by the data controller to whom they were provided (the so-called right to data portability);
l) take position against the processing of personal data relating to them, for reasons relating to their particular situation, at any time (when such processing is necessary for the performance of tasks carried out in the public interest or in the exercise of official authority assigned to the data controller, or when such processing is necessary for the legitimate interests of the data controller), including profiling based on such provisions, as well as to take position against the data processing for direct marketing purposes.

14. The above rights may be exercised by written request addressed to the Data Processor by registered letter, or also by e-mail to the following e-mail address:

Consent form