Close this search box.

Privacy notice

Who is the Data Controller? 

Qapla’ S.P.A. SB (Tax Code & VAT No. 06492420481) with registered office in San Casciano in Val di Pesa (FI), via XXVII Luglio n.22, email: – phone: +39 0550351512 (hereinafter, “Data Controller”).

How can I contact them?

The company’s contact details are:
Phone: +39 0550351512
Address: via XXVII Luglio n. 22 – San Casciano in Val di Pesa

What are the contact details of the DPO?

The company has appointed, as its own DPO, Attorney Antonino Polimeni, who can be reached at the email:

1. Preamble

According to the European Regulation on the protection of personal data (GDPR), legal entities are not considered data subjects, and thus the European regulation does not apply. However, if personal data referring to a natural person are included in the context of the collection of corporate data, this person will be considered a data subject according to the regulation, resulting in the applicability of the relevant legislation.

2. What processing activities are carried out through the website? And what are the legal bases, purposes, and retention periods?

Contact us

Request information

The purpose of processing the data is to allow you to send us requests for information.

Pre-contractual measures carried out at the request of the data subject. In the event of litigation, the data will be processed to assert or defend against legal claims, which corresponds to the legitimate interest of the data controller.

We will process the data for the time necessary to respond to your requests and subsequently for 18 months. In case you become our client, a specific notice will be provided, and the data will be transferred to the new location. They may be kept longer only in case of possible disputes and therefore to exercise or defend a right based on the legitimate interest of the data controller. The obsolescence of the data is verified every 12 months.

Providing the data is optional, but refusal will make it impossible to proceed with the submission of the form.



The purpose of processing the data is to send you newsletters and DEMs, including via postal mail, phone calls, email, SMS, MMS, and notifications. In the case of purchasing our product, your data will be exported to a CRM for sending commercial information on products similar to those purchased.

Consent. In the case of purchase, your consent is not required under Art. 130, paragraph 4, Legislative Decree no. 196/03.

Data will be deleted 5 years after the last email sent. You can always exercise the opt-out at any time.

Providing the data is optional, but refusal will make it impossible to proceed with the submission of the form. In case of purchase, the provision is automatic.

Browsing data

Site security

We will process the data based on the company’s legitimate interest in cybersecurity and compliance with legal obligations. The legal basis for processing cookies other than those necessary is consent.

For information on cookies, please refer to the specific notice.

3. What else should I know?

The data will be processed lawfully, fairly, and with the utmost confidentiality, in accordance with appropriate security measures as required by the Code and the Regulation. The processing will be carried out using digital means. The data will not be subject to public disclosure, except for information related to reviews if provided, and the user will not be subjected to automated decision-making processes such as profiling unless they consent to this through the installation of cookies or other tracking tools, for which the relevant notice applies.

4. To whom will my data be disclosed?

The Data Controller may disclose the data to all subjects for whom disclosure is required by law to carry out the purposes provided by law. The Data Controller also relies on certain companies or IT tools that perform data processing activities on behalf of the data subjects, exclusively in the interest of the Data Controller, all duly appointed as Data Processors under Article 28 of the GDPR. The list of Data Processors is available at the company’s headquarters.

5. Where will the data be stored and transferred?

The management and storage of personal data will be carried out on servers located in Europe.

6. What are my rights and how can I exercise them?

a) Data Subject Rights

As a data subject, you have the rights under Article 15 et seq. of the Regulation, specifically:

1. RIGHT OF ACCESS (Article 15 GDPR)

The data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning them, even if not yet registered, and their communication in an intelligible form.


The data subject has the right to obtain the rectification of inaccurate personal data concerning them and the completion of incomplete data.


The data subject has the right to obtain the erasure of personal data in the presence of specific reasons such as withdrawal of consent, objection to processing, or if the data are no longer necessary for the purposes for which they were collected and processed or in case of unlawful processing. It may not always be possible to proceed with erasure, but the data controller must provide adequate justification.


The data subject has the right to obtain the restriction of processing in the presence of specific circumstances, such as, for example, in case of a request for rectification or objection during the evaluation period of the requests.


If the processing is based on consent or a contract and is carried out using automated tools, the data subject may receive the data in a structured, commonly used, and machine-readable format or request their transfer to another controller.

6. RIGHT TO OBJECT (Article 21 GDPR)

The data subject has the right to object, in whole or in part:
a) for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of the collection;
b) to the processing of personal data concerning them for the pursuit of purposes not contemplated in Article 2. The user may submit a request to object to the processing of their personal data under Article 21 of the GDPR, in which they provide the reasons justifying the objection. The Data Controller reserves the right to evaluate the request, which would not be accepted in case there are compelling legitimate reasons for proceeding with the processing that prevail over the user’s interests, rights, and freedoms.


The data subject has the right to lodge a complaint with the competent supervisory authority under Article 77 of the GDPR if they believe that the processing of their data is contrary to the current legislation.

b) How to exercise your rights:

The data subject may exercise their rights under the Regulation at any time by contacting the Data Controller at the addresses provided above.

This Privacy Notice was redacted by Polimeni.Legal