Compliance GDPR

Compliance GDPR

Art. 5 – Lawfulness and data retention

Customer data is collected only for the purposes specified in the contract and for the time strictly necessary for the execution of the contract itself. The customer’s personal data are kept for 10 years from the termination of the contract. The consent to the sending of commercial communications is kept for 2 years.


Art. 7 – Conditions for consent

The consent given when signing the contract is necessary for the provision of the service. Consent relating to the processing of data for sending commercial communications is required separately and can be refused.


Art. 13 – Information to be provided to the interested party at the time of data collection

The consent given when signing the contract is necessary for the provision of the service. Consent relating to the processing of data for sending commercial communications is required separately and can be refused.

Qsistemi at the time of the data collection of the interested party provides all the requested information. The same are present at the following link: https://www.qsistemi.com/en/privacy-en/


Art. 15-20 Rights of the interested party

Qsistemi guarantees the rights of the interested party (customer) and in particular: right to access, rectification, cancellation and limitation by sending a PEC to the address: privacy@qsistemi.com Qsistemi will communicate the modification / cancellation and will not hinder the transmission of data to another data controller if requested by the interested party.


Art. 28 – Responsible for the treatment

Qsistemi has appointed a data processor who will implement all measures to protect the personal data of the data subject, delete and modify the personal data of the data subject if requested by him. The data processor can be contacted at the certified email address: privacy@qsistemi.com


Art. 30 – Records of processing activities

Qsistemmi tracks the methods of processing the data of the interested party through a register updated by the Data Processor. Upon request, the processing register is made available to the competent authority.


Art. 32 – Security of processing

Customer data is stored in facilities with secure and controlled access 24 hours a day, 365 days a year. The facilities where customer data are stored have air conditioning, fire and intrusion systems (with biometric access on the machines where the encrypted data is stored) to best preserve customer data.


Art. 33, 34 – Data Breach

In the event of a breach of personal data, Qsistemi will communicate the fact to the Supervisory Authority within 72 hours from the moment it becomes aware of it. It will also communicate the event to the interested party without undue delay, but in any case within 72 hours if the accident is likely to present a high risk to the rights and freedoms of individuals.


Art. 35 – Privacy Impact Assessment (DPIA)

Qsistemi carried out a risk analysis relating to the impact on the rights and freedoms of the data subject in relation to privacy management. The analysis also provides for the measures envisaged to address the risks and to reduce the probability of their occurrence.


Art. 123 Legislative Decree 30 June 2003 n. 196 – Traffic data

The processing of personal data relating to traffic is allowed only to those in charge of processing. Treatment is limited. the data relating to voice traffic are stored for 6 months in the clear for billing, 24 months for encrypted telephone traffic, 30 days for unanswered calls. At the moment the storage times have been increased up to 72 months (encrypted) to guarantee effective investigation tools to counter terrorism, including international ones. These data will be delivered only to the judicial authorities.