Privacy Policy

updated to the EU Reg 2016/679

(European Regulation on the protection of personal data)



The Cfc S.r.l., having its registered office in Via G. Di Vittorio 21/B2 40013 Castel Maggiore (BO); P. IVA : 06761220968 takes the user’s privacy seriously and undertakes to respect it. This privacy policy (“Privacy Policy”) describes the processing of personal data carried out by the Cfc S.r.l. through the site and the related commitments undertaken in this regard by the Company. Cfc S.r.l. may process the personal data of the user when he visits the Site and uses the services and functionalities present on the Site. In the sections of the Website where the personal data of the user is collected, specific information is normally published pursuant to art. 13 /15 of the Reg. UE 2016/679. If required by the Reg. UE 2016/679 the user’s consent will be required before proceeding to the processing of his / her personal data. If the user provides personal data of third parties, he must ensure that the communication of data to Cfc S.r.l. and the subsequent processing for the purposes specified in the applicable privacy information is in compliance with Reg. UE 2016/679 and applicable legislation.

We, therefore, inform you, pursuant to art. 13 of the Reg. UE 2016/679 that the processing of your personal data takes place in a manner that guarantees security and confidentiality, and is carried out using paper, computer and/or electronic media, as detailed in this information notice.

We, therefore, invite you, before communicating any personal data to the Owner, to read this Privacy Policy carefully because it contains important information on the protection of your personal data.

This Privacy Policy:

  • is intended for the site (from now on: “Site”);
  • is an integral part of the Site and the services we offer;
  • is made pursuant to art.13 of the Reg. UE 2016/679, to those who interact with the web services of the Site, both by simple consultation and through the use of specific services made available through the Site

The Owner can be contacted at:

This document has been prepared pursuant to art. 13 of the Reg. UE 2016/679 (below: “Regulation“) in order to let you know our privacy policy, to understand how your personal information is handled when you use our sites ( collectively below “Site”) and, if applicable, to give consent to the processing of your personal data. The information and data provided by you or otherwise acquired in the use of the services rendered by the Cfc S.r.l. through the site will be processed in compliance with the provisions of the Regulation and the confidentiality obligations that inspire the activity of the Cfc S.r.l.

According to the rules of the Regulations, the treatments carried out by the company Cfc S.r.l. through the site will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and conservation, minimization of data, accuracy, integrity and confidentiality.




  1. The data controller
  2. The personal data processed
    1. Navigation data
    2. Special categories of personal data
    3. Data provided voluntarily by the interested party
  3. Purpose of the processing
  4. Legal basis and mandatory or optional nature of the processing
  5. Recipients of the personal data
  6. Storage of the personal data
  7. Rights of the interested party
  8. Modifications
  9. Cookie
  10. Security measures




  1. The Data Controller and Responsible for the Protection of Personal Data

The data controller carried out through the Site is the company Cfc S.r.l., in the person of the legal representative pro tempore, with registered office in Via G. Di Vittorio 21/B2 40013 Castel Maggiore (BO); P. IVA: 06761220968 as defined above, reachable at the address


  1. The personal data processed

Following the navigation of the Site, we inform you that the Cfc S.r.l. will process your personal data which may consist of an identifier such as the name, an identification number, an online identifier or one or more elements characteristic of your physical, economic, cultural or social identity suitable for making the interested party identified or identifiable ( below only “Personal Data”).

The Personal Data processed through the Site are the following:

Contact details such as name, surname, email and telephone. Special data may be processed, freely provided by you “in your request”

    • a. Navigation data. The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their nature could, through the processing and association with data held by third parties, allow the identification of the users. This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used only to obtain anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site or third parties: except for this eventuality, the data on web contacts do not persist for more than seven days.
    • b. Special categories of personal data. In the use of the “Contacts” section of the Website, a conferment of your Personal Data may be included in the special categories of the Personal Data pursuant to art. 9 of the Regulation, verbatim data suitable for revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify an individual, data relating to health or sexual life or sexual orientation of the person. We invite you to communicate such data only where strictly necessary. Indeed, we would like to remind you that in the event of the transmission of special categories of Personal Data, but in the absence of a specific consent to process such data (which in any case obviously allows you to send a curriculum vitae), Cfc Srl cannot be held responsible in any way, nor can it receive disputes of any kind, since in this case the treatment will be allowed as having as object the data clearly made public by the interested party, in compliance with the art. 9(1)(e) of the Regulation. However, we specify the importance, as already mentioned above, of expressing explicit consent to the processing of special categories of Personal Data, where such information is shared.
    • c. Data provided voluntarily by the interested party. In the use of some Website Services, may be affected the processing of the Personal Data by third parties sent by you to Cfc S.r.l. through the site . With respect to these hypotheses, you act as an independent data controller, assuming all legal obligations and responsibilities. In this sense, it confers on the point the widest indemnity with respect to any dispute, claim, claim for compensation for treatment damage, etc. that should arrive at Cfc S.r.l. by third parties whose Personal Data have been processed through your use of the Web site’s functions in violation of the applicable personal data protection laws. In any case, if one provides or otherwise processes Personal Data of third parties in the use of the Site, it guarantees from now – assuming all related responsibilities – that this particular processing hypothesis is based on an appropriate legal basis pursuant to art. 6 of the Regulation that legitimates the processing of the information in question.


  1. Purpose of the processing

Your personal data, once collected, is processed for the following purposes:

Purposes Legal basis
A. Execution, management and/or fulfilment of contractual obligations, also with reference to pre-contractual agreements, or subsequent agreements or specific orders (including the fulfilment of the related administrative, accounting, tax and legal obligations). The treatments put in place for these purposes are necessary for the fulfilment of contractual obligations and do not require specific consent from the interested party.
B. Fulfil obligations provided by laws, regulations, European legislation, or by provisions issued by the Authority and by Supervisory and Control Bodies. The treatments in place for these purposes are necessary for the fulfilment of legal obligations and to make the requested service available to you, and do not require specific consent from the interested party.
C. Detect your experience of using our web services, as well as the products and services we offer, and ensure the proper functioning of the web pages and their contents. The treatments put in place for these purposes are based on a legitimate interest of the Data Controller and do not require specific consent from the data subject.
D. Send commercial communications relating to promotions and/or other offers, in the interest of the Data Controller or other companies connected to the Data Controller. The treatments put in place for these purposes are carried out with the specific consent provided by the user, except for commercial communications relating to products and / or services similar to those already purchased and / or signed by the user for which the processing is based on a legitimate interest of the owner.
E. Perform profiling activities, or analysis and processing of customer information, to your preferences, habits, consumption choices and/or web browsing experiences. The processing operations carried out for these purposes are carried out with the specific consent provided by the user, except for the analysis of elementary information relating to your consumption preferences.

Personal data may be processed by Cfc S.r.l. specifically authorized pursuant to art. 4 paragraph 10 of the EU Regulation which deals with data under specific indications by the Data Controller. Your personal data will also be transmitted to third parties that we use to provide our services; these subjects have been adequately selected by us and offer a suitable guarantee of compliance with the rules on the processing of personal data. These subjects have been appointed as data controllers pursuant to art. 28 of the EU Regulation, and are required to carry out their activities according to the specific instructions given by the Owner and under his control. These third parties may belong to the following categories: financial operators, internet providers, companies specialized in IT services; couriers; companies that carry out marketing activities; companies specialized in market research and data processing. A specific and updated list of these subjects is available at the headquarters of the Data Controller and can be consulted at the request of the interested party. Your data may also be transmitted to the police and judicial and administrative authorities, in accordance with the law, for ascertaining and prosecuting crimes, preventing and safeguarding threats to public security, and for allowing Cfc Srl to exercise or protect a proper or third party right before the competent authorities, as well as for other reasons connected with the protection of the rights and freedoms of others.


  1. Legal basis and mandatory or optional nature of the processing

The legal basis for the processing of Personal Data for the purposes referred to in section 3 (a-b-c) is art. 6(1)(b) of the Regulations as the processing is necessary for the provision of the Services or for the verification of requests from the interested party. The conferment of the Personal Data for these purposes is optional but failure to provide such data would make it impossible to activate the Services provided by the Site. The purpose referred to in section 3.c represents legitimate processing of Personal Data pursuant to art. 6 (1) (c) of the Regulation. Once the Personal Data has been provided, the processing is indeed necessary to fulfil a legal obligation to which Cfc S.r.l. is subject. For treatments carried out for the purpose of sending direct advertising material or direct sales or for carrying out market research or commercial communications relating to products or services of Cfc Srl similar to those requested by you, Cfc Srl may use without your consent, e-mail and paper mail addresses within the limits and to the extent permitted by the provision of the Data Protection Authority of 19 June 2008; the legal basis for the processing of your data for this purpose is art. 6(1)(f) of the Regulations. In any case, pursuant to art. 21 of the Regulation, you have the opportunity to object to this processing at any time, initially or during subsequent communications, easily and free of charge, also by writing to the Owner or at the addresses indicated above, and to obtain an immediate confirmation that you confirm the interruption of this treatment (Article 15 of the Regulation).


  1. Recipients of the personal data

Your Personal Data may be shared, for the purposes referred to in section 3 above, with:

  1. subjects that typically act as data processors pursuant to art. 28 of the Regulation ie: i) persons, companies or professional offices that provide assistance and consultancy services to Cfc Srl in accounting, administrative, legal, tax, financial and credit recovery related matters regarding the provision of Services ; ii) subjects with whom it is necessary to interact in order to provide the Services (for example hosting providers) iii) or subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks); (collectively “Recipients”); the list of data processors who process data may be requested from the Data Controller.
  2. subjects, bodies or authorities, autonomous data controllers, to whom it is mandatory to communicate your Personal Data by law or by orders of the authorities;
  3. persons authorized by Cfc S.r.l. to process Personal Data pursuant to art. 29 of the Regulations necessary to carry out activities strictly related to the provision of Services, which are committed to confidentiality or have an adequate legal obligation of confidentiality (eg employees of Cfc S.r.l.).


  1. Storage of the personal data

We inform you that your data will be stored for a limited period of time, which varies according to the type of processing activity and the specific purposes of the same, as illustrated below:

  • data collected to conclude and execute contracts for the purchase of goods or services: the data will be stored until the administrative-accounting formalities are completed. The data related to invoicing will be kept for ten years from the invoice date;
  • User’s data registered on a portal / website: the data will be stored until you request your profile’s cancellation;
  • payment data: the data will be kept until payment is received and the related administrative-accounting formalities are completed;
  • data collected in the context of the use of services offered by Cfc S.r.l. these data are stored until the termination of the service or the cancellation of the registration to the service by the User;
  • data connected to requests from users to the Customer Service – Contacts: the data necesssary to assist you will be kept until your request is satisfied;
  • CV: for six months from receipt;
  • data provided for commercial communications activities, opinion polls and market research: up to the request by the user to interrupt the activity and in any case within 2 years from the last interaction of any kind of the interested party with Cfc S.r.l. At the end of these periods, your data will be permanently deleted or in any case anonymized in an irreversible way by Cfc S.r.l.


  1. Rights of the interested party

You can make an objection request to the processing of your data pursuant to art. 21 of the GDPR in which you give evidence to justify your objection: the Data Controller reserves the right to evaluate the request, which would not be accepted in the case of the existence of legitimate and binding reasons to proceed to the treatment that prevails over your interests, rights and freedoms. Requests should be sent in writing to the Owner.

We inform you that you have the right to exercise the following rights in relation to the personal data covered by this information, as provided and guaranteed by the Regulations:

  • Right of access and rectification (articles 15 and 16 of the Regulations): you have the right to access your personal data and to request its correction, modification or integration. If you wish, we will provide you with a copy of your data in our possession.
  • Right to the data cancellation (Article 17 of the Regulation): in the cases provided for by the current legislation, you can request the cancellation of your personal data. Once your request has been received and analyzed, we will end the processing and delete your personal data, if found it to be legitimate.
  • Right to the limitation of treatment (Art. 18 of the Regulation): you have the right to request the limitation of the processing of your personal data in the case of unlawful processing or disputing the accuracy of personal data by the interested party.
  • Right to data portability (Art. 20 of the Rules): you have the right to request to obtain, from the Data Controller, your personal data in order to transmit them to another Owner, in the cases provided in the article above.
  • Right of objection (Art. 21 of the Rules): you have the right to object, at any time, the processing of your personal data based on our legitimate interest, explaining the reasons that justify your request; before accepting it, the reasons for your request need to be evaluated.
  • Right to propose a complaint (Art. 77 of the Rules): you have the right to propose a complaint, with the competent Guarantor for the protection of the Personal Data, if you believe that a violation of your rights has taken place or is in progress with reference to the processing of your personal data. Further information about the rights of the interested party can be obtained by asking the Owner for a complete extract of the articles mentioned above.


  1. Modifications

This privacy policy is effective from May 25, 2018. Cfc S.r.l. reserves the right to modify or simply update the content, in part or completely, also due to changes in the applicable legislation. Cfc S.r.l. will inform you of these changes as soon as they are introduced and they will be binding as soon as they are published on the Site. Cfc S.r.l. therefore invites you to regularly visit this section to gain knowledge of the most recent and updated version of the privacy policy in order to be always updated on the usage of the collected data made by Cfc S.r.l..


  1. Cookie

This cookie policy refers exclusively to the site (“Site”) and must be understood as an integral part of the Privacy Policy of the same.

  1. Definitions, characteristics and application of the legislation.

Cookies are small text files that the sites, visited by the user, send and record on their computer or mobile device, to be re-transmitted to the same sites at the next visit. Thanks to cookies a site remembers the user’s actions and preferences (such as, for example, login data, the chosen language, font sizes, other display settings, etc.) so that they do not have to be indicated again when the user returns to visit site or browse from one page to another of it. Cookies are therefore used to perform computer authentication, session monitoring and storage of the information regarding the activities of users accessing the site and may also contain a unique identification code that allows users to keep track of the user’s navigation within of the site itself for statistical or advertising purposes. During the navigation on the site, the user can also receive on his computer or mobile device cookies of sites or web servers other than the one he is visiting (c.d. third-party cookies). Some operations could not be carried out without the use of cookies, which in certain cases are therefore technically necessary for the site to function. There are various types of cookies, depending on their characteristics and functions, and they can remain on the user’s computer or mobile device for different periods of time: session cookie, which is automatically cancelled when the browser is closed; persistent cookies, which remain on the user’s equipment until a set deadline. According to the legislation in force in Italy, for the use of cookies, the explicit consent of the user is not always required. In particular, the “technical cookies”, ie those used just for the purpose of transmitting a communication over an electronic communication network, or in the measure strictly necessary to provide a service explicitly requested by the user, do not require this consent. In other words, these cookies are indispensable for the functioning of the site or necessary to perform activities requested by the user. Among the technical cookies, which do not require explicit consent for their use, the Italian Data Protection Authority (see Measure Identification of simplified procedures for the information and the acquisition of consent for the use of cookies May 8, 2014, hereinafter only “Measure”) also includes:

  • “cookie analytics” where cookies are used directly by the site manager to collect information, in aggregate form, on the number of users and how they visit the site;
  • navigation or session cookies that guarantee the normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas);
  • functional cookies, which allow the user to browse according to a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service rendered to the same.

For “profiling cookies”, ie those aimed at creating user profiles and used in order to send advertising messages in line with the preferences shown by the user in the context of web browsing, prior consent is required by the user.

  1. Types of cookies used by the Site

The Site uses the following types of cookies, and offers the possibility of de-selecting them, except for third-party cookies for which the user must refer directly to the relevant selection and de-selection of the respective cookies, indicated by means of links:

  • Technical cookies – navigation or session – strictly necessary for the operation of the Site or to allow the user to take advantage of the contents and services requested by the contents;
  • Analytics cookies, which allow the site manager to understand how this is used by users. These cookies do not collect information on the user’s identity or any personal data. The information is treated in aggregate and anonymous form;
  • Functional cookies, used to activate specific features of the Website and a set of selected criteria (for example, the language, the products selected for purchase) in order to improve the service rendered;
  • Profiling cookies, aimed at creating profiles related to the user and used in order to send advertising messages in line with the preferences shown by the user in the context of web browsing;


  1. Security measures

We are committed to protecting your personal data with specific technological and organizational security measures, aimed at preventing your personal data from being used illegitimately or fraudulently. We test, verify and regularly evaluate the effectiveness of the safety measures, in order to guarantee continuous improvement in the safety of the treatments.