GDPR

Data protection, compliance and transparency.

Quality and Safety Srl is committed to strict compliance with European Regulation No. 679 of 2016 (GDPR) and with all directives and instructions issued by the supervisory authorities. The technical and organizational measures we apply are aligned with the ISO/IEC 27001 standard.

  • Compliance with the regulation

    Strict compliance with Regulation (EU) 2016/679 and with all directives and instructions issued by the supervisory authorities.

  • Minimization

    We collect only the data strictly necessary for the stated purposes, following the privacy-by-default principle.

  • Data sovereignty

    Infrastructure in Italy and Europe, at-rest and in-transit encryption, access governed by ISO/IEC 27001 policies.

  • Data subjects’ rights

    We promptly handle requests for access, rectification, erasure, restriction, portability and objection.

Roles and responsibilities

In the services we provide to clients we typically act as Data Processor (Art. 28 GDPR), with an appointment contract governing instructions, security measures, confidentiality obligations and audits.

Data Processing Agreement

On request we provide our clients with the DPA (Data Processing Agreement) and the up-to-date list of sub-processors, including ACN-qualified infrastructure providers.

Impact assessments

For processing that requires it — such as in healthcare or involving AI technologies — we collaborate with our clients on drafting the DPIA (Data Protection Impact Assessment) and, where applicable, the FRIA (Fundamental Rights Impact Assessment) required by the AI Act.

Do you want to exercise your rights?

Contact the DPO at the certified email (PEC) DPO@pec.qualityandsafety.org or download the request form in the Documents section.