REGULATORY REFERENCES
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Directive 2002/58/EC - on the “processing of personal data and the protection of privacy in the electronic communications sector.”

DATA CONTROLLER
When consulting this website, data relating to identified or identifiable persons may be processed. The “Data Controller” is CIFA S.p.A., via Stati Uniti d'America 26 - 20030 Senago (MI).

PLACE OF DATA PROCESSING
The processing operations connected to the web services of this web site take place at the data controller's headquarters and are carried out only by technical staff specifically appointed to do so, or by persons in charge of occasional maintenance operations.

TYPES OF PROCESSED DATA
Navigation data
he computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) etc.) and other parameters relating to the user's operating system and IT environment. This data is used for the sole purpose of checking the correct functioning of the site and is deleted immediately after processing. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

Data provided voluntarily by the user
The optional, explicit, and voluntary submission of personal data by the user in the registration forms on this site entails the subsequent acquisition of the data provided by the sender. This data will be processed by CIFA S.p.A., mainly by computer, in order to follow up on the user's request (e.g., request for information).

OPTIONAL NATURE OF DATA PROVISION
Apart from what has been specified for navigation data, the user is free to provide their personal data. However, failure to provide such data may make it impossible to obtain what has been requested.

METHOD OF PROCESSING
Personal data is processed, including with the aid of automated tools, for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. CIFA S.p.A. has adopted all the minimum-security measures required by law and, inspired by the main international standards, has also adopted additional security measures to minimize the risks relating to the confidentiality, availability, and integrity of the personal data collected and processed.

SHARING, COMMUNICATION, AND DISCLOSURE OF DATA
The data collected may be transferred or disclosed to other companies for activities strictly connected and instrumental to the operation of the service, such as the management of the IT system. Personal data provided by users who request information material (brochures, information material, etc.) is used for the sole purpose of performing the service or provision requested and is communicated to third parties only if this is necessary for that purpose (companies that provide enveloping, labeling, and shipping services). Outside of these cases, personal data will not be communicated or granted to anyone, except as provided for in the contract or with the authorization of the subjects. In this sense, personal data may be transmitted to third parties, but only and exclusively in the following cases: a) there is explicit consent to share the data with third parties; b) there is a need to share the information with third parties in order to provide the requested service; c) it is necessary to comply with requests from the Judicial Authority or Public Security. No data deriving from the web service is disclosed.

RIGHTS OF DATA SUBJECTS
The legislation on the protection of personal data expressly provides for certain rights for the subjects to whom the data refer (the so-called data subjects). In particular, pursuant to Articles 15 et seq. of Regulation (EU) 2016/679, each data subject has the right to obtain confirmation of the existence or otherwise of data concerning him or her, to obtain information on the origin and purposes and methods of processing, to update, restrict, rectify, integration of the data, and erasure of the data if processed in violation of the law or if one of the reasons specified in Article 17 of Regulation (EU) 2016/679 applies.
The data subject also has the right to lodge a complaint with a supervisory authority if they believe that the rights indicated herein have not been recognized.

CHANGES TO THESE PRIVACY POLICIES
CIFA S.p.A. periodically reviews its privacy and security policy and, if necessary, revises it in relation to regulatory, organizational, or technological changes. In the event of a change in policy, the new version will be published on this page of the website.

QUESTIONS, COMPLAINTS, AND SUGGESTIONS
Anyone interested in further information, contributing suggestions, or making complaints or objections regarding privacy policies or the way in which our Company processes personal data may do so by writing to privacy@cifa.com.