Privacy Policy

ReaQta is committed to comply with the data protection (in particular EU Regulation n. 2016/679, “General Data Protection Regulation” – aka GDPR) and this Privacy Policy page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive, in particular regarding the Processing of your Personal Data.

“Processing of Personal Data”, in plain words, means any operation or set of operations which is performed on any information relating to an identified or identifiable natural person (Data Subject). As an example, your e-mail address is considered Personal Data and while we collect and store it we are “processing” it. Transmission to third parties and erasure are other processing operations.

We are defined “Data Controller”, as we determine the purpose and means of the processing of Personal Data.

You, as a “natural person to whom Personal Data are related”, are defined “Data Subject” and you are entitled to be informed on who we are, which Data we process, why/how/how long we process them, your rights and obligations.

In addition, we’d like to inform you that when you browse this Website we collect Browsing Data (e.g. IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status, and other parameters related to the user’s operating system and computer environment). Normally, collection of this Data does not imply processing of Personal Data, as we cannot identify you through those data; in any case, Browsing Data are erased immediately after being aggregated (except if judicial authorities need such data for establishing the commission of criminal offences).

Who are we?

(Data Controller)

ReaQta BV, an IBM Company, a company duly existing and organised under the laws of Netherlands, with registered offices in Amsterdam, Molenpad 6H, 1016 GM (“ReaQta” or “Controller”).
Why are we processing Personal Data?


In order to:

  1. allow you to navigate the website;
  2. send you our newsletter;
  3. allow you to contact us via webform;
  4. comply with legal obligations to which the Controller is subject.
Why are we allowed to process your Personal Data?

(Legal Basis)

Processing of your Personal Data may be:

  1. based on your freely given and specific consent (purpose n. 2 above);
  2. in the legitimate interests pursued by the Controller, which is not overridden by your interests or fundamental rights;
  3. necessary for compliance with a legal obligation to which the Joint Controllers are subject (purpose n.4 above).
To whom do we transfer your Personal Data?

(Categories of Recipients)

In the minimum necessary extent in relation to the above purposes the Controller may disclose your Personal Data to:

  1. service providers (e.g. IT) who carry out processing on our behalf, acting as Data Processors;
  2. persons who, under the direct authority of the Joint Controllers, are authorised to process Personal Data;
  3. public Authorities and Agencies, if required to do so by law or in response to their valid requests.
How long do we retain your Personal Data?The Controller will store your Personal Data only for as long as is necessary for the above purposes and to comply with its legal obligations, resolve disputes and enforce legal agreements and policies.

Browsing Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Service, or we are legally obligated to retain this data for longer time periods.

Do we transfer Personal Data outside the European Economic Area (EEA) or to international organisation?Personal Data may be transferred to – and maintained on – computers and persons outside the EEA.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless it is based adequacy decision by the Commission or other appropriate or suitable safeguards.

Do we do Profiling?No, we actually don’t profile our users.
Do we use Cookies?Yes, we do, as the following:

  • Session Identification: Identifies the user’s http session. Common to all web applications to identify user requests during a session.
  • Google Analytics: Make it possible to monitor the website using the Google Analytics, a service provided by Google to obtain information about user access to websites. Some of the data saved for subsequent analysis are the number of times a user visits the website, the date they visited the website for the first time and the last time, the duration of their visits, from which other page the user accessed the website, which search engine the user used to reach the website or on which link they clicked, from which part of the world they are connecting, etc. The configuration of these cookies is predetermined by the service offered by Google, as a result of which we recommend consulting the privacy page of Google Analytics at ml, for further information on the cookies used and how to disable them (taking into account the fact that we are not liable for the content or the accuracy of third party websites)
Are you obliged to provide your Personal Data?You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent, except Session Identification- cookies (n. 1 above), which are temporary maintained, only during the session.
What happens if you don’t provide your Personal Data?You may disable, restrict or delete the cookies from this website at any time by changing the configuration of your browser.
Which are your rights?You have the right to:

  1. request the access to the data we hold about you and have a copy of them;
  2. request the rectification of incomplete or inaccurate data;
  3. request the erasure of the information we have on you;
  4. request the restriction of processing;
  5. object to the processing of your Personal Data, on grounds relating to your particular situation;
  6. where the processing is based on your consent, withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  7. request data portability in a structured, commonly used and machine-readable format, where technically feasible;
  8. lodge a complaint with a Supervisory Authority, in particular, under the GDPR, in the EU Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing infringes the Regulation. Without prejudice to any available administrative or non-judicial remedy you also have the right to an effective judicial remedy before the courts of the Member State where the Joint Controllers have an establishment or, alternatively, where you have your habitual residence.
How you can contact us?If you have any questions about the processing of your Personal Data, or you want to exercise your rights, please contact the Controller at you may also contact our representative in the EU, designated according to Article 27 GDPR.

List of definitions

  1. Applicable Regulations”: any provision of law, independently of its ranking, belonging to the legal systems of the European Union, which is in any way applicable to the Agreement.
  2. Authorised”: the individual who, under the supervision of the Company, is instructed by the latter in relation to the Processing of Personal Data as per art. 29 GDPR.
  3. Authority”: the entity or organisation, whether private or public, entrusted with the judiciary, administrative, disciplinary, surveillance and police powers.
  4. Committee” or “EDPB” the European Committee for the protection of personal data, as established by art. 68 GDPR and regulated in arts. 68 to 76 GDPR, which substitutes WP29 from 25 May 2018.
  5. Communication”: “the providing of information concerning personal data to one or more subjects other than the data subject, as operated by a representative of the Controller in the territory of the European Union, by the Processor or its representatives in the territory of the European Union, by those who are Authorised to the processing of personal data in light of art. 2-quaterdecies under the direct supervision of the controller or the processor, independently of the modalities of the processing, even by making the information concerning the personal data available, consultable or reachable by interconnection” (as set forth in art. 2-ter, comma 4 lett. a of the Privacy Code).
  6. Controller”: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”, as defined in art. 4, subparagraph 1, no. 7, GDPR.
  7. Supervisory Authority”: the independent public authority of a Member State of the European Union or of the European Union itself that in entrusted with the task of assessing the application of Privacy Regulations.
  8. Data”: one or more categories indicated as Personal Data or Special Data.
  9. Database”: group of Data and/or Information which is homogenous in relation to its content and format, as owned by each of the Parties and sent to the other Party for the purpose of signing and/or performing the Agreement.
  10. Data Subject”: “an identified or identifiable natural person”, as defined in art. 4, subparagraph 1, no. 1, of EU Regulation no. 2016/679 (“GDPR”).
  11. Director”: the individual provided with the powers to legally represent a Party or a Third Party.
  12. Employee”: natural person who carries out work under the supervision of one of the Parties or the Commercial Contract, independently of the type of the formal contractual relationship with them.
  13. GDPR”: EU Regulation no. 2016/679 concerning “the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”;
  14. Information” o “Confidential Information”: the data or information (of any nature, whether technical, productive, financial, commercial, operative, accountancy-related or economical etc.), as well as the documents, declarations, and generally any piece of information concerning, by way of example, the know-how, processes, results, milestones, draft, specifications, forecasts, business plans, also in the form of memos, figures, internal communications, studies, reports, lists, data, tables, forms, security infrastructures, clients and/or suppliers, exchanged among the Parties and/or made available to each of the Parties for the purpose of the signing or performance of the Agreement, or developed by the other Party in relation to the Opportunity, independently of their format (oral, electronic or in writing), which is labelled as “confidential” or anyway regarded as such by the Party that submits it.
  15. Lead”: the individual or entity who is potentially interested in the possibility of entering into an agreement with one of the Parties, as well as with their Directors, Employees or agents.
  16. Marketing”: indicates singularly or collectively the submission of advertising, marketing, sale and market research materials.
  17. Personal Data”: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”, a defined in art. 4, subsection 1, no. 1, GDPR).
  18. Privacy Regulations”: EU Regulation no. 2016/679 (“GDPR”) and further applicable Regulations, independently of their legal rank, thus including the opinions of WP29 and, from 25 May 2018, of the Committee.
  19. Processing”: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”, as defined in art. 4, subparagraph 1, no. 2, GDPR.
  20. Processor”: “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”, as defined in art. 4, subparagraph 1, no. 8, GDPR.
  21. Profiling”: “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”, as defined in art. 4, subparagraph 1, no. 4, GDPR
  22. Prospect”: the individual or entity who is actually interested in entering into an agreement with any of the Parties, thus including their Directors, Employees and agents.
  23. Recipient”: “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not”, a defined in art. 4, subparagraph 1, no. 9, GDPR.
  24. Restriction of the processing”: “the marking of stored personal data with the aim of limiting their processing in the future”, as defined in art. 4, subparagraph 1, no. 3, GDPR.
  25. Services”: the work of any kind (e.g. supply of goods/services) as performed by each of the Parties.
  26. Special Data”: Personal Data that “reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, […] concerning […] a natural person’s sex life or sexual orientation” (art. 9.1 GDPR), “concerning health” (“personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status”, as defined in art. 4, subparagraph 1, no. 15, GDPR) and the “data relating to criminal convictions and offences or related security measures” (art. 10 GDPR), as well as “genetic data” (“personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question”, as defined in art. 4, subparagraph 1, no. 13, GDPR); “biometric data” (“personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data”, as defined in art. 4, subparagraph 1, no. 14, GDPR).
  27. Spreading”: “providing information in relation to the personal data to unidentified subjects, in any format, also by making them available or consultable” (as defined in art. 2-ter, comma 4, lett. b of the Privacy Code).
  28. Supplier”: the individual or entity that submits a commercial offer to any of the Parties or to the Commercial Contract (independently of their acceptance), as well as to their Directors, Employees or agents.
  29. Third Party”: anyone who is not a Party.
  30. “WP29”: the Working Group for the protection of individuals with regard to the processing of personal data, as established by art. 29 Directive 95/46/CE, whose tasks were established by art. 30 of Directive 95/46/CE and by art. 15 of Directive 2002/58/CE.