Skip to main content

Privacy Policy

The following information is provided in accordance with Articles 13 and 14 of Regulation EU No 679/2016 (“GDPR”) and subsequent national implementing legislation (together with the GDPR, the “Privacy Legislation”) to users receiving services accessible from the Web address Information about users may be collected while accessing the site and such information constitutes personal data under the Privacy Legislation. The term “personal data” is as defined in Article 4(1) of the GDPR: “any information relating to an identified or identifiable person; an identifiable person is the person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (“Personal Data”).

The GDPR requires that before processing Personal Data – as defined in Article 4(2) of the GDPR as “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (“Processing”) – the person whom such Personal Data concerns must be informed of the reasons why such data is requested and how it will be used.

Accordingly, this document aims to provide, in a simple and intuitive manner, all the information needed to enable the user, where necessary, to provide his/her Personal Data in an aware and informed manner and, at any time, request and obtain clarification and/or corrections.

This policy statement has therefore been drafted under the principle of transparency and all the elements required by Article 13 of the Regulation. It is divided into individual sections, each of which deals with a specific subject, to make it quicker and easier to read and understand (the “Policy Statement”). The Policy Statement refers exclusively to the above site and does not apply to any other websites that may be reached through any other links on the site.


The data controller is QuattroR SGR SpA with registered office in Via Borgonuovo 14, 20121 Milan (the “Management Company”).


Browsing data

During their normal operation, the computer systems and software procedures used by this website acquire certain personal data, the transmission of which is implicit in the use of internet communication protocols.

This information is not collected to be associated with identified parties, but by its very nature could, by means of processing and associations with data held by third parties, enable users to be identified.

This data category includes IP addresses or domain names of users’ computers that connect to the site, the notation addresses in URI (Uniform Resource Identifier) of the resources requested, time of request, method used to submit the request to the server, the size of the file obtained in response, numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

This data is used for the sole purpose of checking the proper functioning of the site and is deleted at the latest within 7 days of collection, except where it is to be used to ascertain liability in the event of computer crimes against the site, in which case the information will be available to the Authority for the time necessary to allow the Management Company to exercise its rights to defence.

Data voluntarily provided by the user

Specific instructions regarding the processing of Personal Data will be given for sections that the user may complete voluntarily.


Cookies are text strings (“data files”) that certain websites, when accessed, may send to the user to track the user’s movements within the site and collect data anonymously, in order to improve the service and usability of the site.

The Management Company does not use IT techniques for the direct acquisition of the user’s personal data. Neither Cookies nor systems for tracking users are used to transmit information of a personal nature.

The Management Company uses “technical cookies” solely to make it possible for users to browse the website and enable its functions. Some technical cookies are necessary to provide an optimum navigational experience or to enable users to authenticate themselves on the site, for example to enter a restricted area (“navigation cookies”). Navigation cookies are session cookies and, therefore, once the browser is closed, they are automatically deactivated. User consent is not necessary to install these cookies.

In addition, the Management Company uses “third-party analytical cookies” which, by collecting information on how visitors interact with the site content (most visited pages, navigation time, etc.), provide useful statistics that enable the site’s optimisation and improve navigability. User consent is not required for this type of cookie, since the Management Company has both masked a significant portion of the users’ IP addresses and concluded agreements under which the third parties undertake not to use the information collected for purposes other than statistical analysis nor to cross-reference it with other data in their possession.

Whether the user  still wish to disable cookies already installed, the user must adjust your browser’s settings. However, doing so may cause site malfunctions or loss of some functions. The procedure to be followed varies depending on the browser being used. More information can be obtained by selecting the link for browser:

Internet Explorer:
Google Chrome:
Safari iOS (iPhone, iPad, iPod touch):

If the  browser is not one of the above, the following website can be visited or the function “Help” can be selected on the browser.


Except as specified for navigational data, the user is free to provide his/her personal data or otherwise provide access to it in order to obtain information or other communications. However, failure to provide personal data may make it impossible to obtain the requested information. Furthermore, where consent is given, the information may be processed for further purposes as indicated below.


Personal Data collected, if any, and unless otherwise specified, will be processed only as part of the operation of the site or to provide the requested services.


Personal Data may be disclosed to specific subjects, considered to be recipients of such Personal Data. Article 4 (9) of the GDPR defines a recipient of Personal Data as “the natural or legal person, public authority, agency or another body to which personal data are disclosed, whether a third party or not“Recipients”).

In this respect, in order to correctly implement all the processing activities necessary under this Policy, the following parties may be in a position to process your Personal Data:

  • third parties engaged in Processing and/or related and instrumental activities on behalf of the Data Controller. These parties are designated data processors;
  • individuals, employees and/or collaborators of the Data Controller, who have been entrusted with specific assignments and/or multiple Personal Data processing activities and who have been given specific instructions on the security and proper use of Personal Data;
  • where required by law or to prevent or combat the commission of an offence, Personal Data may be disclosed to public bodies or judicial authorities without them being defined as Recipients. In fact, pursuant to Article 4(9) of the Regulation, ‘public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients”.

The data collected will never be disseminated.


One of the principles applicable to the processing of your Personal Data concerns the limitation of storage periods, governed by Article 5(1)(e) of the GDPR which reads “Personal Data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject”.

In light of this principle, your Personal Data will be processed by the Data Controller only to the extent necessary for the purposes indicated in this Policy.


As User you may exercise the rights granted by the Privacy Policy, including, but not limited to, the right to (i)access your Personal Data (know the source thereof, the purpose and extent of its processing, the details of subjects to whom it is communicated, the data storage period or the criteria used to determine it), (ii)request that it be rectified, (iii)request its deletion (“right to be forgotten”), if no longer necessary, incomplete, incorrect or collected in violation of the law; (iv) request that processing be restricted to a part of the information concerning you; (v)as far as is technically possible, to receive or transmit in a structured format, to the user or third parties identified by said user, the information concerning you (“portability”). In this case, you will be responsible for providing us with all the exact details of the new data controller to whom you intend to transfer your Personal Data, providing us with written authorisation;(vi)withdraw your consent at any time if this constitutes the basis of processing. The withdrawal of consent does not, however, prejudice the legality of the processing based on the consent given before its withdrawal.

The above rights may be exercised by written request addressed informally to the Controller at the registered office indicated above or by sending a notification to the following email address.

The Management Company also informs you as user that – without prejudice to the right to appeal in any other administrative or judicial forum – if you believe that the Processing of Personal Data conducted by the Data Controller is in violation of the GDPR and/or applicable legislation you may lodge a complaint with the competent Data Protection Authority.

Last Updated Date – June 2018