Privacy Policy

The present privacy policy (hereinafter, “Privacy Policy”) applies to all personal data processing that occurs when:

  • you interact with the website (hereinafter, “Site”), managed by Cefriel S.c.r.l. with registered office at Viale Sarca 226, Milan (hereinafter, “Cefriel”);

  • you access other Cefriel services, whether online at our Site, or offline at the Cefriel administrative offices, or when you contact customer support, or make a specific enquiry;

  • we communicate with you as part of our marketing operations.

The present policy shall not apply to other sites, pages, or online services available through any hyperlinks posted on the Site leading to resources outside the Cefriel domain.
By accessing and using this Site, or otherwise providing us your personal data (e.g. when you contact us by phone) you confirm you have read and understood our methods of collection, processing, use, and disclosure of your personal data as described herein.
Any time your consent to personal data processing is required, we will ask you – prior to submitting your personal data or using any section of the Site – to confirm your consent to the processing operations in question, as better described herein, ticking the appropriate box for the same. Your consent (provided by ticking the appropriate box) and use of this Site serve as proof that that you accept the processing operation in question. Documents proving your acceptance of the Privacy Policy, the dates for the same, and any future update to the policy, shall serve as dispositive written proof of your consent.
We process personal data in accordance with applicable data-protection laws and regulations including but not limited to the laws promulgated by the European Union for the regulation of natural person data processing, as well as the free circulation of such data, and all laws promulgated by any EU member state, as well as all orders and guidelines issued by the data protection authority as may from time to time apply, EU Regulation 2016/679 of the European Parliament and Council of 27 April 2016 (hereinafter, “General Data Protection Regulation” or “GDPR”), which supplements national provisions applicable beginning on 25 May 2018 (hereinafter, “Data Protection Laws’).

Who controls the processing of my personal data? Who is responsible for the data?

The Data Controller is Cefriel S.c.r.l. with registered office at Viale Sarca 226, Milan, and Tax ID no. 09144820157, phone 02.239541, email, pursuant to Art. 4 of the GDPR.

What personal data are processed?
Automatic collection of information on this Site.
The processing of your personal data when you visit and view the Site is limited to what is known as “navigation data”, meaning data whose submission to the Site is implicit to the systems used to run the Site, and all typical internet protocols. IP addresses for the device you use to connect to the Site, and other parameters relating to your device and operating system are examples of navigation data.
Navigation data – like those specified above, for instance the number of visits and the time spent browsing the Site – are collected by us and processed exclusively for statistical purposes and in an aggregate form for the purposes of assessing and streamlining Site functioning. By their very nature, navigation data may allow for users to be identified, if associated with data held by third parties. However, we do not collect navigation data specifically to associate them with identified users, except where such data might be used to determine culpability for any cybercrimes targeting or using the Site, to the extent permitted by law.
Furthermore, some information is collected on this Site using cookies and other tracking technology, as described in our cookie policy available by clicking on: Cookie Policy.

What information do you provide us?
We process the following categories of data:

  • Personal data you provide us when you interact with Site functions or upload user-generated content to the Site. These personal data may include: First name and surname, email address, telephone number, Company, and position in the company

  • Personal data that you provide when you sign up for/subscribe to our activities such as our newsletter or mailing list, or participate in a promotion or other programme, etc. These personal data may include: first name and surname, email address, telephone number, Company, and position in the company, Timeline of services used, Preferences and interests.

  • Personal data you provide when you interact with our personnel, e.g. when you send an informational enquiry, feedback, or contact our administrative offices for assistance. These personal data may include: First name and surname, email address, telephone number, Company, and position in the company, Timeline of services used, Preferences and interests, Information on the reasons you contacted us, Correspondence or transcripts / recordings of your interaction with our staff.

What are the purposes for which my personal data will be processed?
We will process your personal information for the following purposes:

  • To run and manage the Site;

  • For direct marketing (with your optional consent) and for communication via platforms such as social media;

  • For surveys (with your optional consent);

  • For profiling (with your optional consent);

  • For purposes of fraud prevention;

  • To comply with our statutory and regulatory obligations (Italian and EU) and should it become necessary, to assert or defend a right in a court of law.

What are the legal bases for processing my personal data, as described in this policy?
We will process your personal data for the purposes described in the Section “What are the purposes for which my personal data be processed?” on one of the following legal bases:

  • processing is necessary for reasons relating to our, or a third party’s, legitimate interest – provided such interests do not conflict with your interests, or fundamental rights and liberties (Article 6.1[f] of the GDPR, in effect as of 25 May 2018). Legitimate interests we might pursue include, to wit, our interest in responding to your specific enquiries, in requesting your feedback to improve our website and services, or to carry out general marketing activities.

When your specific consent is necessary to process personal data, as described in this document, your personal data will be processed pursuant to such consent.

How long will my personal data be processed?
Personal data shall not be retained longer than necessary to pursue the specific purposes described herein unless a longer retention period is allowed by statute, and shall cease if and when you revoke your consent.

Is my personal data safe?
We pledge to protect the security and privacy of your personal data. We have implemented – and we require that each service provider and/or third party responsible for any processing done on our behalf to implement, per our instructions – technical and organisational measures intended to prevent the loss or destruction (be it intentional or accidental) of any data, as well as any unauthorised or unlawful use of the data. Furthermore, our IT infrastructure and software are configured in such a way that personal and identifying data are only used if and when necessary for the specific processing purposes as are, from time to time, pursued.

We use a wide range of technology and advanced security protocols to protect personal data from the above-described risks.

What about data breaches?
If a data breach (Art. 33 and 34, GDPR) occurs, the data controller will alert the control entity designated under Article 55 without undue delay – within seventy-two (72) hours of notice of the breach, if possible – unless it is unlikely that the data breach presents a risk for the rights and liberties of natural persons. Should the report to control entities not be made within seventy-two (72) hours, the report shall include the reasons for the delay.

Should the personal-data breach potentially jeopardise the rights and liberties of natural persons, the data controller shall alert the data subject without undue delay.

Where will my personal data go? Who are the intended recipients? Where are data transferred, and for what purposes?
Personal data are collected through our Site, and then stored in our servers, or in servers managed by our backup/hosting service providers. All these personal data may be disclosed with the recipients described below.

We disclose your personal data under the terms, conditions, and limits set forth herein, and with your express consent (when and if required) pursuant to Data Protection Laws.

Your personal data may be accessed within our organisation by in-house and external personnel who are duly appointed and trained, and who need to access such data as part of their job duties, and for the processing purposes set forth herein. We make sure that such persons are bound to all security and confidentiality duties as required.

Your personal data may be accessible to outside service providers we engage to process personal data on our behalf, pursuant to our instructions (as Data Processors). Included among Data Processors are:

External service providers we engage to provide professional, technical, and organisational services functional to Site management and to all activities carried out through the same. These may include, for example, product sales and related activities, managing the functions offered by the Site and by any programme or service you subscribe to or request via the site, as well as for services narrowly tailored to the processing purposes set forth above.

A list of Data Processors and their location is available upon request by emailing Data Processors are bound by contract to implement safeguards sufficient to protect personal data security and privacy.

Your personal data may be shared with other institutions, authorities, government agencies, insurance companies, professionals, independent consultants (as solo practitioners or within a firm or partnership), commercial partners, companies, or other legitimate recipients when and if permitted by law, such as for any legal proceeding, petition to a court or other authority with jurisdiction over the matter, or for any other legal duty, to protect and defend our rights, assets, and the Site.

Personal data shall not be disclosed to third parties for their marketing needs.

The recipients listed supra may be based in a country other than the one in which the personal data was originally collected. Your personal data, however, will only be shared within the European Economic Area or in other countries whose ability to provide adequate personal-data protection has been recognised by the European Commission.

Must I provide my personal data? What are the consequences of any refusal to submit my data?
For all data except navigation data (for that, please see the previous section, entitled, “What personal data are processed?”), the submission of personal data may be necessary to execute or perform under a contract (course enrolment or other service enrolment), as well as to provide specific services such as subscription to our newsletters, promotions, and other programmes, notice of which is provided through our Site or via other channels, responses to, and management of, informational enquiries, requests, correspondence, or feedback. In the above-described situations, any failure to provide your personal data will prevent us from discharging our duties under the contract, or providing the services / information requested, as noted supra.

Submission of your personal data for surveys, marketing, and other sales-related profiling, as described supra, is optional. Where required pursuant to Data Protection Laws, we will secure your consent before processing your personal data for the above-cited purposes.

Does the Site contain third-party-controlled elements? Who is responsible for, and liable for, such elements?
The Site may contain links to other sites, as well as third-party-controlled objects or elements.

One example are plug-ins connecting our Site to social networks like Facebook, LinkedIn, or Twitter (“social plug-ins”) usually identified with the logos of the various social networks. If you interact with a social plug-in on our Site, the browser may send the social network some of your personal data such as user ID, Site information, date, time, and other browser-related information. Such information shall be processed by the social networks (owned and managed by third parties) pursuant to their own privacy policies.

We have no access to, or control over, those elements, objects, plug-ins, cookies, web beacons, and other tracking objects/technologies owned and managed by third parties available on our Site or the third-party websites in question that users might access on or from the Site, nor over the personal-data processing methods used through such elements or sites. Therefore, we shall not be held liable for any such websites. Users are encouraged in such cases to review the privacy policy for any such third-party elements or websites available through the Site, and to become familiar with the terms and conditions applicable to such personal-data processing. Note, again, that this Privacy Policy applies exclusively to this Site.

What are my data processing rights, and how might I exercise them?
You have the right, at any time, to exercise those rights recognised under applicable Data Protection Laws including but not limited to: the right to access your personal data, to correct / erase or limit processing on the same, to object (i.e. to opt out of personal-data processing for marketing-related purposes at any time, free of charge), the right to data portability, as well as the right to revoke your consent. Furthermore, you have the right to lodge a complaint with the data protection authority (

For a summary of the aforementioned rights and how to exercise them, please review Appendix 1 of this Privacy Policy.

For any questions or concerns regarding Cefriel’s processing of your personal data, and to exercise those rights established by the Data Protection Laws, please contact us at:

Will There Be Updates to the Privacy Policy?
We reserve the right to update or amend the Privacy Policy, in whole or in part, and at any time, to the extent permitted by law. The most up-to-date version shall be posted to the Site. Should this Privacy Policy be amended, we shall notify you via a link to the updated policy posted to the Site’s home page (“Privacy Policy: Recent updates”) and/or by sending you a notice via a different channel (e.g. via email if known and permitted by law).

Appendix 1 – Rights of the Data Subject
As an individual whose personal data is processed in the manner appearing in the present Privacy Policy, you have a number of rights, which are described below. Please note that the exercise of these rights is conditioned on certain terms and criteria set forth in the laws in question.

Rights of Access
To the extent permitted by law, you have the right to obtain confirmation from us on whether your personal data has been subject to processing, and if so, to request access to such data including but not limited to the categories of personal data in question, the purposes for such processing, and the recipients or categories of recipients to whom they were sent. As we are likewise required to respect the rights and liberties of other parties, such right is not without limits. Should you ask for more than one copy of the personal data subject to processing, we may charge you a reasonable administrative processing fee.

Right to Correction
You have the right to ask that we correct any inaccurate personal data implicating you. Furthermore, depending on the processing purpose, you have the right to request incomplete personal data be supplemented. This may be done by submitting an affidavit.

Right to Erasure (the “Right to be Forgotten”)
You have the right to request that your personal data be erased in certain situations, as specified in applicable legislation. If your request falls into that category, we will work promptly to erase your data. Should we be unable, for technical/organisational reasons, to erase your personal data, we will make sure to render them completely and irrevocably pseudonymous, so that we are no longer in possession of actual personal data implicating you.

Right to Restriction of Processing
In some circumstances – as specified in applicable legislation – you have the right to request that processing on your personal data be restricted. In such cases, your personal data may only be processed (retention is exempted) with your consent or to determine, assert, or defend a right in a court of law, or to safeguard the rights of another natural or legal person, or to pursue a legitimate public interest.

Right to Data Portability
As specified under applicable law, you have the right to receive your personal data (which you provided us) in a structured, commonly used, and machine-readable format, as well as to submit such data (or have them directly forwarded by us) to another data controller, if technically feasible.

Right to Object
Under certain circumstances – as set forth by applicable law – you have the right to object for just cause based on your own particular situation to the processing of your personal data by us at any time. In doing so, you may request we refrain from further processing of your personal data unless we can demonstrate cognisable and legitimate reasons for processing that trump your interests, rights, and liberties, or for reasons relating to the determination, assertion, or defence of a right in a court of law, specifically in instances where the processing of your personal data is based on our legitimate interests or for statistical purposes.

Right to Object to Direct Marketing
Should your personal data be processed for direct marketing purposes, you have the right to object to such processing at any time (including to any profiling, to the extent it is related to direct marketing).

Right Not to be Subject to Decisions Based Exclusively on Automated Processing
Except in special circumstances, you have the right not to be subject to decisions based solely on automated processing – including profiling – that have legal consequences for you, or that have a similar, material impact on you as a person.

Right to Withdraw Consent
If you have provided your consent for any data processing as described herein, you may withdraw it at any time with effect for any processing thence forward. The withdrawal of consent shall not affect the lawfulness of any processing based on consent before its withdrawal.

If you wish to access your personal data or exercise any of the aforementioned rights, please send a written request along with a copy of your photo ID to:

Any correspondence from us regarding your rights as detailed supra shall be provided free of charge. However, we reserve the right to reject, or charge a reasonable fee for (based on any required administrative processing expenses incurred to provide information, correspondence, or to undertake the requested action) any requests that are patently baseless or excessive (especially when such requests are reiterated).

Should you believe that any processing implicating you has been performed in violation of applicable law, you have the right to lodge a complaint with the Data Protection Authority ( Please visit that website for the proper forms to file a complaint.

All trademarks published on this website belong to their respective owners and are published in compliance with current regulations.

All data relating to natural and legal persons are published on this site subject to the explicit authorization of the interested parties and in compliance with current regulations.

Except for other explicit indications, all the contents (or part of them) and any documents (or part of it) on this site are the property of CEFRIEL and are not subject to any third party rights.

The publication, reproduction, distribution, transmission, presentation, disclosure, sale, transfer or copying of all or part of the contents and / or documents of the site is prohibited, unless explicitly authorized by CEFRIEL.

Any contents (or part of them) or documents (or part of them) expressly reported as freely extractable and usable must in any case contain the explicit indication of CEFRIEL as the author.

The linking operations to the CEFRIEL site (at home page or inside pages) within third party sites are permitted without any authorization request.

CEFRIEL may at any time request removal from the site of third parties of the link to the CEFRIEL site. However, CEFRIEL’s right to compensation for damages in case of linking by sites with offensive or damaging content to CEFRIEL’s image is not prejudiced.