Privacy & Cookie Policies

Your personal data are protected

This page describes how this website is managed with reference to the personal data processing, which will take place in compliance with the applicable legislation, with particular reference to the EU Regulation 2016/679 General Data Protection Regulation (hereinafter “GDPR”) and to the Italian laws and regulations (hereinafter the “Applicable Privacy Law”). This notice is addressed to those who interact with the web services provided by BOS Srl, accessible through the address:, corresponding to the official website homepage. The information is provided only for the website indicated above and not for other websites that may be consulted by the user via various links.



Pursuant to the GDPR on the protection of personal data, the Data Controller of any personal data collected through this website is BOS SRL, with registered office in Via Maserati, 16 – 40128 Bologna, Italy.



Data collected by web services of this site are processed by the servers of Tecniche Nuove S.p.A. Milano and Bologna Fiere S.p.A., located at the companies’ headquarters or at the webfarms of their suppliers, and are only handled by technical staff in charge of data processing, or by any person in charge of server maintenance operations.



Navigation data:

The computer systems and software procedures used to operate this site acquire, in normal operation, some personal data which are then implicitly transmitted in the use of Internet communication protocols. By their nature, this information could, through associations and processing with data held by third parties, allow users / visitors to be identified (e.g. IP address, domain names of computers used by users / visitors who connect to the site, etc.) . These data are used only for statistical information (and are therefore anonymous) and to check the correct functioning of the site. No data deriving from the web service will be communicated or disseminated. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site; except in this case, the web contacts data do not persist for more than seven days.

Data provided voluntarily by users:

Except as specified for navigation data, users / visitors are free to provide their personal data via the contact forms on the website. The personal data provided (name, surname and e-mail address) will be processed exclusively to respond to the latter’s requests, or for the provision of a specific service. Failure to provide data relating to the fields marked with an asterisk may make it impossible to benefit from the requested service.
Specific summary information will be reported or displayed on the webpages dedicated to particular services on request.



This site uses only technical or session cookies. No use is made of profiling cookies.
Cookies are not used to transmit information of a personal nature, nor are the so-called persistent cookies of any kind, or systems for tracking users.
The use of so-called technical or session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow a safe and efficient exploration of the site. The so-called technical or session cookies used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user’s personal identification data.



The GDPR confirms that each data processing must be based on an appropriate legal basis. The basis of lawfulness of the processing are consent, fulfillment of contractual obligations, vital interests of the data subject or of third parties, legal obligations to which the owner is subject, public interest or exercise of public authority, overriding legitimate interest of the owner or of third parties to whom the data are communicated.
In particular, the Data Controller collects and processes Users’ personal data for the following purposes:

use of the user’s personal data to answer user requests sent through the website and management of the newsletter service.



In addition to the Data Controller, managers and authorized subjects involved in the corporate management of the website may have access to the data. Furthermore, the Data Controller may appoint external subjects (such as technical service providers, hosting providers, cloud services, IT companies) as external managers. The updated list of managers can always be requested to the Data Controller. The data processed by the Data Controller will not be disclosed.
The Data Controller may communicate the collected personal data to the companies of the group to which it belongs (Tecniche Nuove S.p.A. / Bologna Fiere S.p.A.).



The GDPR provides for an obligation to inform data subjects in the event of the transfer of their personal data to third countries (not belonging to the EU or to the European Economic Area: Norway, Iceland, Liechtenstein) or international organizations. .
The Data Controller informs the interested parties that it does not transfer data to third countries.



The data collected by the Company, for the purposes indicated above, will be kept for the time necessary to carry out the operations for which they have been acquired. The retention period will be determined on the basis of the assessment of the single operation and will take place, in any case, in compliance with the principles of necessity, purpose, relevance and non-excess established by the GDPR.


Data processing is carried out through automated tools (eg using electronic procedures and media) and / or manually (eg on paper) for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in compliance with the relevant regulations in force.

Pursuant to the Applicable Privacy Law, Users will have the right to:

a) be informed of the purposes and methods of their personal data processing;

b) access to their personal data;

c) obtain a copy of their personal data, where these are stored in countries outside the European Union, as well as obtain an indication of the place where such personal data are stored or transferred;

d) request the correction, updating or integration of their personal data;

e) request the cancellation, anonymization or blocking of their personal data processing;

f) object, in whole or in part, to any processing carried out through automated decision-making processes, including profiling;

g) withdraw their consent to the processing, where provided, freely and at any time. The withdrawal of consent does not affect the lawfulness of the processing based on the consent given prior to the withdrawal;

h) contact the Data Protection Officer of the Data Controller;

i) lodge a complaint with the Guarantor for the protection of personal data.

Pursuant to the Applicable Privacy Law, starting from May 2018, Users will have the following rights:

a) the right to data portability, i.e. the right to receive personal data in a structured format, commonly used and readable by an automatic device, and the possibility of being able to transmit them to another data controller freely and without impediments – where applicable ;

b) the right to request the limitation of their personal data processing, where applicable.

The Data Controller can be contacted for any request relating to this Policy by writing to BOS srl via Alfieri Maserati, 16, Bologna via e-mail:



Minors under the age of 16 must not and cannot provide information or personal data to the Company through the channels provided by this site. If such activity is necessary, the consent of those exercising parental responsibility is essential. In the absence of such consent, no activity will be possible. If in doubt about the matter, please contact us at the addresses published on this site.


Data Protection Officer

The Data Protection Officer (DPO) is the company Econconsult S.r.l. As required by art. 39 of the GDPR, the DPO has the task of: informing and providing advice to the Data Controller regarding the obligations deriving from the GDPR, the Code for the protection of personal data and other provisions of the European Union relating to data protection; monitoring the compliance with the GDPR and other Union provisions relating to data protection; providing opinions on the impact assessment on data protection carried out by the operational functions of the structure and supervising its performance; cooperating with the supervisory authority; acting as a contact point for the Supervisory Authority.


Changes and Updates

This Policy is applicable from May 25, 2018 and updated on April 18, 2019.