Contacts

Privacy Policy

Information on the processing of personal data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679

Cefla S.c., in its capacity as Data Controller (hereinafter: "Cefla" or "Controller") pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter "Regulation") and Legislative Decree no. 196/2003 (Personal Data Protection Code, hereinafter "Code") – considers privacy and the protection of personal data as one of the main objectives of its activities.

We therefore invite you, before communicating any personal data to the Controller, to read this Privacy Policy carefully as it contains important information on the protection of your personal data.

This information notice:

  • is intended for the website www.anthos.it;
  • constitutes an integral part of the Site and the services we offer;
  • is provided, pursuant to Articles 13 and 14 of the Regulation, to those who interact with the web services of the Site, both through simple consultation and through the use of specific services made available through the Site, as well as other services provided via the Site.

Regarding the processing of browsing data and the processing of personal data through cookies, please refer to: https://www.anthos.it/en/cookie-policy

The processing of your personal data will be based on the principles of correctness, lawfulness, transparency, purpose and storage limitation, data minimization and accuracy, integrity and confidentiality, as well as the principle of accountability referred to in Art. 5 of the Regulation. Your personal data will, therefore, be processed in accordance with the legislation on the protection of personal data and the confidentiality obligations provided for.

By "processing of personal data" we mean any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, erasure, or destruction.

1. DATA CONTROLLER 

 The Data Controller is Cefla S.c., Via Selice Provinciale, 23/A - 40026 - Imola (BO), VAT NUMBER 00499791200, PEC ceflasc@legalmail.it.

The Controller has not appointed a Data Protection Officer ("DPO") pursuant to Art. 37 GDPR. Being established within the Union territory, they have not appointed a representative in the territory. 

2. PERSONAL DATA SUBJECT TO PROCESSING 

We inform you that the personal data subject to processing may consist of:

  • name and surname, email addresses, profession, address, telephone number.

3. PURPOSES OF PROCESSING

Your personal data will be processed, with your consent where necessary, for the following purposes, where applicable:

  • 3.1 To allow the use of the Site, in accordance with the applicable general conditions > Terms and Conditions.
  • 3.2 To respond to specific requests addressed to the Controller, also in relation to after-sales, including Customer Assistance requests and information submitted by filling out the relevant contact forms on the Site.
  • 3.3 To send you commercial communications and proposals, including newsletters (the contents of which you can customize), through automated tools (SMS, MMS, email, instant messaging, and chat) and non-automated tools (paper mail, telephone).

 4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING 

Section Purpose Legal Basis (Art. 6 GDPR) Nature of Consent Consequences of Refusal
3.1 Provision of services Lett. b) – performance of contract Not required Consent is not necessary; however, in case of failure to provide data, it will not be possible to provide services related to the website.
3.2 Response to requests Lett. f) – legitimate interest Not required Consent is not necessary; however, in case of failure to provide data, it will not be possible to respond to your requests.
3.3 Marketing Lett. a) – consent Optional Optional consent, revocable at any time; does not affect services. Without consent, marketing communications cannot be sent.

 

5. RECIPIENTS OF PERSONAL DATA 

Your personal data may be shared, for the purposes referred to in Section 3 of this Privacy Policy, with:

  • 5.1. Persons authorized by the Controller to process personal data pursuant to Artt. 29 and 2-quaterdecies of the Code (e.g., personnel in sales, administration and accounting, after-sales assistance, CRM, IT systems management).
  • 5.2. Third parties who, in providing services (e.g., technological services, assistance and consultancy in accounting, administrative, legal, tax and financial matters, technical maintenance, transport services, banking and insurance services), act as data processors pursuant to Art. 28 of the Regulation. The Controller maintains an updated list of appointed data processors and guarantees its inspection by the data subject at the headquarters indicated above or upon request.
  • 5.3. Third parties appointed to carry out the activities referred to in this information notice with whom the Data Controller has entered into commercial agreements.
  • 5.4. Subjects, entities, or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders from authorities. These subjects are collectively defined as "Recipients".

6. TRANSFER OF PERSONAL DATA 

The processing of the data subject's personal data will be carried out according to the principles of correctness, loyalty, and transparency, through manual, computer, and electronic tools with logic strictly related to the purposes of the processing and, in any case, in such a way as to guarantee the security and confidentiality of the data.

With reference to service purposes, personal data will be stored for the period strictly necessary for the relevant contractual fulfillment and in compliance with the legal terms for storage.

With reference to marketing purposes and subject to the withdrawal of consent by the data subject, personal data will be stored for a maximum period of 24 months from the date of provision and, in any case, within the limits permitted by current legislation. At the end of the processing period, the data must be deleted or permanently anonymized.

 7. STORAGE OF PERSONAL DATA 

 Your personal data will be entered and stored, in accordance with the principles of minimization and storage limitation referred to in Art. 5.1.c) and e) of the Regulation, in the Controller's information systems. 

Section Purpose Storage Period
3.1 Provision of services connected to the website 24 months
3.2 Response to requests 24 months
3.3 Marketing 24 months

 

8. RIGHTS OF THE DATA SUBJECTS

You, as the Data Subject, can exercise the rights referred to in Articles 15-22 of the GDPR and withdraw the consents provided at any time without prejudice to the lawfulness of the processing carried out before the withdrawal.

Right to Object

As a Data Subject, you have the right to object in the following terms:

  • The right to object at any time, for reasons related to your particular situation, to the processing of Personal Data concerning you pursuant to Article 6, paragraph 1, letters e) or f) of the GDPR.
  • Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling to the extent that it is related to such direct marketing.
  • In the event of an objection to processing for direct marketing purposes, the personal data are no longer processed for these purposes.
  • Where your personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89, paragraph 1 of the GDPR, you have the right to object for reasons related to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Furthermore, you are the holder of other rights summarized below:

  • Right of access: Right to obtain confirmation as to whether or not personal data concerning you are being processed and access to such data.
  • Right of rectification: Right to obtain the rectification of inaccurate personal data without undue delay.
  • Right to erasure (Right to be forgotten): Right to obtain the erasure of your personal data or to withdraw consent.
  • Right to restriction of processing: Right to obtain the restriction of processing when specific hypotheses occur.
  • Right to data portability: Right to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object to commercial communications: Right to object at any time, free of charge, to receiving commercial communications.
  • Right to lodge a complaint: Right to lodge a complaint with the Supervisory Authority (Garante Privacy).
How to exercise your rights

Requests can be exercised, after identification of the data subject, by sending:

  • A PEC (certified email) to: cefla@legalmail.it
  • A Registered Letter with return receipt to: Imola (BO), Via Selice Provinciale n. 23/A.

9. COMPLAINT TO THE SUPERVISORY AUTHORITY 

 If you believe that the processing of your Personal Data by the Controller violates the GDPR, you have the right to lodge a complaint with the Privacy Guarantor (Garante Privacy), as provided for by Art. 77 of the GDPR, or to seek judicial remedy (Art. 79 of the GDPR). 

10. CHANGES

The Controller reserves the right to modify or simply update the content of this Privacy Policy, in part or completely, also due to changes in applicable legislation. The Controller therefore invites you to visit this section regularly to take note of the most recent and updated version. If the Controller substantially modifies the Privacy Policy, providing for new processing purposes and/or categories of personal data processed, it will inform you, requesting the necessary consents, via a pop-up on the site or other IT methods/tools.

Imola, 30/03/2026