Privacy Policy

Information for data subjects in accordance with Articles 13-14 of the European Data Protection Regulation (GDPR) No. 679/2016 and related provisions issued by the National and European Authorities

Tosingraf S.r.l. (hereinafter also Tosingraf and/or Company and/or Data Controller) is constantly striving to provide visitors with a web experience that fully respects and protects their Privacy and welcomes you to

You are invited to read our Privacy Policy and the following information provided pursuant to art. 13 of GDPR no. 679/2016.

It is intended for those who interact with the web services directly provided by Tosingraf, which can be accessed online at This policy only describes the management of the aforementioned website, and does not apply to external websites that the user may visit through links. Additional information can be obtained from various channels.

1. Data Controller Tosingraf S.r.l., headquartered in Via Istria 23, Rosà (prov. of Vicenza) - 36027, Taxpayers code / VAT No. IT01778110245, telephone (+39) 0424 898312, fax (+39) 0424 539134, e-mail:

2. Personal Data Processors and place of data processing


External parties, other than the Data Controller, who may handle your personal data in our name and on our behalf. The list is available at our head office and can be requested using the contact details below.

More on this topic:

The list of Data Processors, if any, specifically bound by contract or other legal act, as well as the system administrator(s) is available at our head office. Data processing related to the web services offered by this website takes place at Tosingraf's registered office and, where applicable, at the offices of external data processors as well as at the offices of other persons appointed and authorised for this purpose (as better specified below), and is carried out by persons in charge of managing the requested services, data storage and processing activities as well as necessary maintenance operations. If it is necessary/useful to provide services via the web or if it is necessary to guarantee the provision of such services via the web, we specify that the data related to the web services may be processed by the staff of the company or companies in charge of maintenance of the technological part of the website and of the platform for the newsletter service. With the consent of the Data Subjects, if required by law, and in any case after adequate notification specifying the purposes, personal data may be disclosed to third parties, both public and private, outside Tosingraf, who will process it as autonomous data controllers (or, if applicable, Data Processors). In this regard, Tosingraf is in no way responsible, and declines any liability, for: the rules and methods for handling personal data on other websites, which can be reached from the pages of the website through links and/or cross-references; the contents of any e-mail services, web spaces and chat forums provided to users.

3. Legal basis for the data processing / Why we process your data - Basic purposes (mandatory data provision and consent)


  • Reply to user requests

  • Provision of goods and services

  • Contacting users on matters related to their requests

  • Legislation and/or regulations

  • Sector-specific provisions

More on this topic:

Your personal data will be processed for the following purposes:

  • Providing answers to explicit requests from the data subject/user

  • Fulfilling obligations arising from the supply of goods and services, both in contractual and pre-contractual terms, with particular reference to their execution as well as the collection of any agreed payments

  • Fulfilling obligations under applicable national and Community legislation

  • Asserting the rights, including those of third parties, in judicial, arbitration, administrative proceedings in accordance with regulatory limitations

Promotional activities (optional data provision and consent)


Sending marketing material, carrying out direct marketing, market surveys, etc. using:

  • Automated means (e.g. text messages, chat messages, e-mail, automated calls)

  • Traditional means (e.g. post, operator telephone calls)

More on this topic:

  • Marketing in detail: subject to your express consent, we may send communications using computerised and other means (i.e. traditional methods such as post and/or operator calls), for the purpose of monitoring developments in customer relations, planning and executing analytical, strategic and operational marketing activities, informing you about marketing and promotional activities concerning goods/services related to those for which the relationship was established and for which the contact request was sent. This purpose may therefore be pursued for reasons other than those strictly related to the basic purposes, if you decide to give your consent (after reading the information herein). If you do not decide to give your (optional) consent for the aforementioned purpose, the basis and consequent obligations of the relationship between our Company and you will not be affected or altered in any way: your requests will in any case be processed. Your consent therefore, if given, will be considered valid for contacts using both traditional methods and computerised tools (e.g. e-mail, text messaging, fax, automated calls, etc.); should you wish to exercise your right to object and/or withdraw your consent at any time, you may do so, even in a different and independent manner, through one of the contact methods.

  • Mailing list or newsletter: by registering for a mailing list or newsletter, the User's e-mail address will be automatically included in a list of contacts to whom we may send e-mail messages containing marketing and promotional information about our services. The User's e-mail address may also be added to this list as a result of registration with this Application or after making a request.

  • Contact Form / Registration: by filling out the contact form with their Data, the User consents to its use to respond to requests for information, quotes, or any other information indicated by the header of the form.

  • Interaction with social networks and external platforms: these services allow interactions with social networks or other external platforms directly from the pages of this Website. Interactions and information acquired by this Application are however subject to the User's privacy settings for each social network. If a service for interaction with social networks is installed, even if Users do not use the service, it may collect traffic data relating to the pages where it is installed.

4. What data do we process and how?


  • Navigation and usage data

  • E-mail, address, first name, surname /or company name, name of contact persons, usage data

  • System and maintenance logs

  • Cookies (see Cookie Policy)

More on this topic:

Personal data (e.g. e-mail, address, first name, surname /or company name, name of contact persons, usage data, etc.) may be provided voluntarily by the User, or collected automatically during use of this Application. In this regard, we would like to inform you that, in addition to the data you expressly provide to Tosingraf, other data may be recorded as a result of your browsing the website. For any access to the website, we record the type of browser (e.g. Internet Explorer, Chrome, Mozilla), the operating system (e.g. Windows, Macintosh) and the visitor's host and URL, as well as data on the page requested. This data can be used for statistical analyses on use of our website in aggregate, anonymous form. Other Personal Data collected may - also in the future - be indicated in further sections of this page or be displayed by means of informative texts at the same time as the Data is collected in any dedicated sections. Personal Data may be entered voluntarily by the User or collected automatically during use of this Application. The use of Cookies - or of other tracking tools - by this Application or by the owners of third party services, unless otherwise specified, is aimed at identifying the User and recording their preferences for purposes strictly related to the provision of the service/information requested by the User. Failure by the User to provide certain Personal Data may prevent this application and Tosingraf from providing its services. Please refer to the Cookie Policy for details. The User accepts full responsibility for the Personal Data of third parties published or shared through this website and guarantees that they have the right to communicate or disclose it, relieving the Data Controller of any liability to third parties.

5. Method of data processing


Paper-based and computerised means

More on this topic:

Your personal data is processed using manual and automated tools, with methods strictly related to the purposes indicated herein and, in any case, in such a way as to guarantee the security and confidentiality of your data. To obtain further information, we would like to remind you of your rights, as specified herein.

6. When is the user obliged to give us their data?


Basic purposes: obligation

Other purposes (marketing/promotions): option

More on this topic:

The personal data collected and processed on the website is that necessary for the provision of the services requested and, in the remaining cases, is the result of the user's browsing. Therefore, it is clear that failure to provide such data will make it impossible to provide the services that require the use of these tools. If you do not give your consent to receive advertising or direct sales information or interactive commercial communication, your e-mail and telephone number will not be used for this purpose.


If you voluntarily send electronic mail to the addresses indicated on the website, we will acquire the sender's address as well as any other information contained in the message. This personal data will be used only for the purpose of providing the service requested. The optional entry of data in the forms on the website (newsletter, contact form, registration form, etc.) as well as the optional, express and voluntary submission of personal data in the web forms or electronic mail to the addresses indicated on this website, for obtaining specific services and/or communications and information, will mean that the sender’s details (address/contact details) will be stored in order to respond to them or provide the services, communications and information requested.

7. Protection of children


Children's data may be processed if consent is given or authorised by the holder of parental responsibility.

More on this topic:

Tosingraf does not deliberately collect personal data (such as name, address and telephone number, etc.) of children. We do not allow children to register on websites or participate in online contests or promotions. However, if a parent or guardian of a child believes that the child has provided personal information, they should contact us if they wish to have such information erased from our records. If Tosingraf learns that it is in possession of personal data relating to a minor, it shall immediately delete said information from its databases. Should untrue information be provided, Tosingraf shall be held harmless from any liability and/or claim, without prejudice to the checks it undertakes to carry out. In addition, it should be noted that all minors must, in any case, receive due authorisation from their parents or guardians before using or disclosing information on websites of any kind.

8. Categories of recipients to whom the personal data may be disclosed


  • Tosingraf’s employees and persons treated as such, qualified as "authorised Data Processors" (administrative, sales and marketing staff, system administrators, etc.) and duly trained and monitored by the Data Controller;

  • External parties (e.g. agents, legal and administrative consultants, experts in industry standards, technical service providers, hosting providers, information service companies, communication agencies, business partners where necessary to fulfil specific obligations, etc.).

More on this topic:

Your data will not be disseminated by us - this term means the disclosure of your data to unspecified persons in any way, including by making it available or consulting it. Your data in general may be communicated by us - this term means the disclosure to specific persons, in the following terms:

  • persons who can access the data by virtue of a provision of law, regulation or Community legislation, within the limits specified by these rules;

  • subjects who need access to the data for purposes strictly related to fulfilling the requests, and for ancillary purposes, within the limits strictly necessary for the related tasks (public security subjects and other public and private subjects for the fulfilment of obligations prescribed by law including administrative obligations and similar);

  • employees of the company qualified as authorised personal Data Processors and the staff assigned to reply correctly to your requests, limited to the related communication requirements (i.e. name, e-mail address and any other contact means provided by you);

  • managers responsible for the institutional website who carry out, on our behalf, technical and/or organisational tasks necessary for the provision of the services requested, as well as any third parties involved in the activities for various reasons;

  • persons who assist us in the transmission of communications with commercial/promotional purposes;

  • couriers or shipping agents for goods to be delivered;

  • manufacturers of goods supplied by the Data Controller;

  • companies specialising in credit information systems, debt recovery firms and/or professionals;

  • system administrators specifically appointed by Tosingraf in compliance with regulatory requirements.

NB: the data will not be communicated to third parties for their marketing purposes.

9. Period of conservation of personal data


  • 10 years for basic purposes

  • 24 months for marketing purposes (unless consent is withdrawn)

  • 12 months for profiling purposes (unless consent is withdrawn)

More on this topic:

Your personal data will be kept in our files for basic purposes and on the basis of your authorisation for the period necessary to comply with civil law, i.e. for a maximum of 10 years.

For other purposes, the following periods will apply:

  • 10 years for basic purposes

  • 24 months for marketing purposes (unless consent is withdrawn)

  • 12 months for profiling purposes (unless consent is withdrawn)

These periods may be reduced and/or increased (subject to prior notice to the interested parties), for example in the event of indications from Institutions and/or Control Authorities. The possibility of withdrawing consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal remains guaranteed.

10. Transferring data to non-EU countries


The Data Controller may transfer your data to non-EU countries for example in order to use services such as archiving or to create mailing lists. Of course, in this case, Tosingraf undertakes to verify the security of the personal data transfer in accordance with the criteria established by legislation (e.g. the presence of a "legally binding instrument" that is enforceable by public authorities or public bodies; binding corporate rules; standard data protection clauses adopted by the Commission; codes of conduct; certification mechanisms).

More on this topic:

Transferring personal data to non-EU countries

  • This may involve greater risks and as such must be adequately supervised;

  • It is a complex activity requiring specific skills.

The starting point for such an organisation must be to take countermeasures to maintain the same level of protection that the personal data would have in an EU country. If Tosingraf opts for this possibility, it undertakes to collect all supporting documentation (e.g.: the presence of a "legally binding instrument" with enforceable effect between public authorities or public bodies; binding corporate rules; standard data protection clauses adopted by the Commission; codes of conduct; certification mechanisms) in advance and make them available to the Data Subjects in the same manner in which their rights may be exercised.

11. Complaint with the competent Supervisory Authority

The procedures at your disposal for your protection (in addition to exercising your rights against us) are:

  • accessing the complaints section on the website www.garante (if the Italian Authority is competent), or

  • applying the procedures prescribed by the Supervisory Authority of the Member State (where different from Italy) where the Data Subject usually resides, works or where the alleged breach occurred.

12. Your rights


Access - Restriction - Rectification - Right to object - Withdrawal of consent - Erasure (Oblivion) - Portability

More on this topic:

  • Right of access: you may receive a copy of the personal data being processed at any time.

  • Right of restriction: may be exercised not only if the processing is in breach of the law, but also if the Data Subject requests rectification of their personal data or objects to the processing thereof. The Data Controller undertakes to mark the data concerned with the aim of limiting their processing in the future.

  • Right to rectification: you may obtain without undue delay the rectification of inaccurate personal data concerning you. You have also the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  • Right to object: you may object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, even if they are used for direct marketing and/or profiling.

  • Right to revoke consent if given, for example, for marketing purposes and similar.

  • Right to erasure (‘right to be forgotten’): you may obtain the erasure of personal data in an enhanced form, e.g. even after you have withdrawn consent to the processing of your personal data.

  • Right to portability: this does not apply to non-automatic data processing, i.e. to printed archives and/or registers; furthermore, only data provided by the Data Subject to the Data Controller and processed with the latter's consent or on the basis of a contract with the Data Controller may be portable.

13. What means should be used to exercise rights?

Post (registered post with return receipt)

Tosingraf S.r.l. Via Istria, 23 - 36027 Rosà (VI)

Tel. (+39) 0424 898312

Fax (+39) 0424 539134

certified email:


14. Deadline and procedure for responses from the Data Controller to Data Subjects who wish to assert a right concerning their personal data


1 (one) month, which can be extended in writing to 3 (three) months in more complex cases.

More on this topic:

If you exercise your rights, the Data Controller shall provide you with an answer in writing, also using electronic means that help accessibility (verbally only upon the express request of the data subject), within 1 (one) month which, in cases of particular complexity, may be extended to 3 (three) months, without prejudice to the obligation to provide feedback within one month of the request, even in the event of refusal. The Data Controller, after assessing the complexity of the request made by the Data Subject, may establish the amount of any fee to be requested from them, but only if such request is manifestly unfounded or excessive.

15. Modification to this information page

The Data Controller reserves the right to make changes to this information page at any time by notifying them to the Users here. We therefore ask you to consult this page frequently, taking the date of the last modification indicated at the bottom as a reference. If the User does not accept the changes made to this Privacy Policy, they must cease using this Application and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous information sheet will continue to apply to the Personal Data collected up to that moment.

Last update: 03/03/2022