Privacy Policy

Data protection notice

Dear Client/Supplier/Website browser, Trafital S.p.A. (hereafter "Trafital") as Controller of Personal Data Processing, informs you that your personal data will be processed in compliance with the European Regulation 2016/679 (hereafter GDPR) and with the provisions of the Privacy Guarantor and/or successive additions.
According to the above mentioned law, this processing will be based on principles of correctness, lawfulness and transparency, protecting your confidentiality and your rights.

The Controller

The Controller of the processing of personal data is Trafital S.p.A., with registered office in:
Via Ambrogio Colombo, n. 301
Gorla Minore (VA)
Fiscal code and Vat Number 01216480127.
E-mail address

Purposes and legal basis of the processing of personal data

Personal data is collected for the following purposes:
  • in the context of our business relationship with our business partners for the execution of the contract or to carry out pre-contractual measures (legal basis: execution of the contract or pre-contractual measures);
  • to fulfill legal obligations related to management, administration and accounting (legal basis: execution of the contract or pre-contractual measures and legal obligations);
  • if necessary, we also process the data in order to protect the legitimate interests of ourselves or third parties (legal bases: legitimate interest of the Controller);
  • provide the services offered by our website (legal bases: execution of the contract or pre-contractual measures);
The processing is authorized by European Regulation 2016/678, on the following legal assumptions:
  • Execution of pre-contractual measures or contractual obligations: if necessary to perform or fulfill the contract with Trafital or to carry out pre-contractual measures;
  • Legal obligations: if Trafital has to process your data to be compliant with the law;
  • Legitimate interest: in order to protect ourselves or third parties, also in the Court, or make claims against you or third parties.
We process personal data in compliance with the provisions of the EU General Data Protection Regulation, according to principles of correctness, lawfulness and transparency, for the execution of the contract or to carry out pre-contractual measures, to allow the website browsing and to process your requests, also with automated instruments.
The data provision is optional, but within the scope of the business relationship, business partners must make available the personal data required to establish, execute and terminate the business relationship, to fulfill the associated contractual obligations or which we are legally obliged to collect. Without this information, we will generally not be able to execute the contract and to allow website browsing.
The missing consent for promotional purposes, when required, doesn’t influence the contract execution, but means that the Controller can’t process your data for this purpose.

The categories of personal data processed

The Controller can process, exclusively for the above mentioned purposes, only common data, such as first and last name, form of address, title, job title, business address, department, hierarchy, business phone number, business mobile number, business fax number and business email address, language, the Company name, its legal office, its bank details and its economical and financial data, besides browsing data.
Referring to the last ones, after browsing in this website, it may be processed data relating to identified person or other data that could identify them.
a) Browsing data
During standard activity, IT systems, used to operate the services, acquire some personal data implicitly transmitted in the use of internet communication protocols or to improve the service quality. These information aren’t collected to identify people, but they could allow them to be identified.
b) Voluntarily provisioned data
Sending optional, explicit and voluntary e-mail or filling in the IT forms involves the collection of the sender e-mail address or personal data enclosed in the message or in the form.
We inform you that are considered “sensitive data” personal data suitable to show the racial and ethnic origin, religious, philosophical convictions, and so on, political opinions, membership of political parties, labor unions, religious, philosophical, political association or organization, as well as personal data concerning health state or sexual orientation.
These data, including judiciary data, aren’t object of the processing so, if received, they will be immediately deleted.
The provision of data referred to point b) is not obligatory, but the eventual refuse could arrest the service execution. If the data subject decides to provide his personal data, declares to accept and give the consent to the processing with the act of sending them.

Eventual recipients or recipient categories to which the personal data are disclosed.

Within our company, personal data are given only to those persons and offices (e.g. departments) that require the data to fulfill our contractual and legal obligations. They are under Controller responsibility, they are authorized subjects for the data processing, according to articles 24-29 UE Reg. 2016/679 and they have received specific instructions in this regard.
In addition, we may transmit personal data to other Processors outside the company, nominated by the Controller, if this is necessary to fulfill contractual and legal obligations (e.g. IT consultants, software house, public authorities...).
The Processors will take care to give adequate instruction to their employees and collaborators.
Finally, your common personal data may be disclosed to the following recipient categories:
  • customer/supplier of product or services for the contract execution and relative obligations;
  • insurance companies and credit institutions;
  • consultants and freelancers, also in associated firm.
The Controller does not intend to transfer data to a third Country outside the European Union.

The duration of personal data storage

Your data will be processed for the allowed time, or for the imposed time necessary to fulfil contractual and legal obligations and to ensure legal protection to you and to the Controller.
Then, the duration is linked to the business relationship duration, considering fiscal and administrative needs and legal obligations, as well as other needs for storage for legal protection, until the expiry of terms for claim and notice of appeal.

Processing place of browsing data

Data are physically stored in server placed in specifically designed datacenter. Through suitable security systems which grant the confidentiality during the transmission, they may be copied in remote storage systems to allow the eventual recovery in case of technical faults.
The processing happens through telematic means with suitable security measures which involve login credentials and application protection.


The following provisions are according to the Privacy Guarantor measures dated 8th May 2014 [doc. web No. 3118884] "Identification of simplified modality for the informative and consent acquisition for cookies use” in force from the 2nd June 2015.
A cookie is a brief text sent to the user browser by a website which allows the website to store information or settings during the present or future browsing; these data may be stored in the user system for a session duration (e.g. until the user close the browser) or for a longer time.
We can discern between technical cookies and profiling cookies and they may be sent directly by the visited website or by other ones (third parties cookies).
Technical Cookies
necessary for the service operation, preferences backup (e.g. language or browsing settings), and statistical purposes to collect data in aggregate form
Profiling Cookies
aimed at profiling for targeted advertising mailing, for retargeting or remarketing, for integration with social networks and for analysis based on sex, age, preferences inferred from browsing, and so on.
Function modality and options to limit or block the cookies, can be carried out modifying his own browser Internet settings. You can find further information at
Used Cookies and purposes
This website use the following cookies categories:
Session Cookies
Technical cookies to preserve the user session (authentication, user state in a complex procedure); disabling these cookies may cause services malfunction; they are stored only for the user session duration.
Persistent Cookies for preferences
Technical Cookies used to improve the website utilization storing some information for next browsing (username or preferences); they are stored for a maximum of a year from last visit.
"Google Analytics" statistical persistent Cookies
Third parties Cookies used to collect information on users number and browsing modality, such as most displayed pages, permanence time and browsing flow; these information are stored in aggregate and anonymous form.
The Controller is Google Inc. Company (hereafter Google); you can find his privacy informative at, and the specific ones referred to "Google Analytics" at
According to the service terms, Google will use these information, as autonomous Controller, for the purpose to track and examine the website utilization, fill in reports about website activity and provide other services related to the website, to the connection modality (mobile, pc, browser, and so on) and modality of research and pages reached. Google may transfer these information to third parties for legal obligations or if the third parties are Processors named by Google. Google won’t associate the IP address to any other data.
These cookies may be disabled without consequences for the browsing; their storage is decided by the third party.

Data subject rights

At any time, you can exercise the rights according to articles 15-21 EU Reg. 216/679 (correction, oblivion, processing restriction, data portability, opposition).
In particular:
  • the access right: in order to obtain the confirmation or not about your personal data, to obtain the access to these data and specific information (e.g. purposes, categories of data, recipients to which the personal data are disclosed);
  • the correction right: to ask the correction of wrong, inaccurate or incomplete personal data referred to you;
  • the deletion right: to obtain deletion of your data when they are no longer necessary or for illicit processing;
  • the processing restriction right: to obtain a processing limitation, e.g. for the sole storage without other uses, in some situations (e.g. if the processing is illicit and the data subject doesn’t want the cancellation; if the data subject claims the accuracy, during the terms of verification of accuracy…);
  • the data portability right: to obtain the personal data restitution for transmitting them to others or to ask the transmission from a Controller to another one, if technically possible;
  • the opposition right: to oppose at any time to the processing for purposes of marketing; in case of processing for scientific, historical or statistic research the data subject has the right of opposition except if the processing is necessary for public interest; the Controller refrains from the data processing unless he demonstrates the existence of binding legitimate reasons to proceed that prevail over the data subject interests, rights and freedom or for the legal defense.
To exercise these rights, write to
Furthermore, you have the right to propose a compliant to Control Authority, the personal data protection Guarantor, (, with legal office in Roma, if you think that your rights have been violated.

The Controller doesn’t use any automated decision process referring to your personal data.