Privacy Policy


pursuant to articles 13 and 14 of EU Regulation 2016/679 (GDPR)


Who decides the methods and purposes of the processing?

Cercol S.p.A. is the data controller , i.e. the subject who, pursuant to art. 4 of the GDPR establishes the purposes and means of processing personal data. Below you can find the contact details of Cercol S.p.A.:

Address: Viale Jenner, 4 20159 – Milan Italy

Telephone and Fax : +39 0536 801007 and +39 0536 804860



In this disclosure, reference is made to Cercol S.p.A. also as " Company " or "Owner".


What data do we collect?

While browsing the website ("Site") we collect various personal data to pursue the purposes of the treatment listed in the following paragraph. In particular, we process common data, including:

  • technical navigation data , acquired from the computer systems and software procedures used to operate the Site itself, during their normal operation. These are personal data whose transmission is implicit in the use of Internet communication protocols, which are not collected to be associated with identified interested parties but which, by their very nature, could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses, the domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data, necessary for the use of web services, are also used to obtain anonymous statistical information on the use of the Site as well as to check its correct functioning and are canceled immediately after processing. The data may also be used to ascertain responsibility if computer crimes are committed or attempted against the Site.
  • cookies and similar technologies, for which please refer to the dedicated information;
It should be noted that this Privacy Policy is intended to be applicable only to data processing carried out on the Site and not also to processing carried out on different and additional websites, albeit accessible via links present within the Site itself.


For what purpose do we process user data?

The processing of user data is carried out for various purposes:

1. technical administration and management of the functioning of the Site;

2. fulfillment of legal obligations established by applicable national and supranational regulations;

3. assessment, exercise or defense of the rights of the Data Controller in court and/or out of court.

What condition makes the treatment lawful?

In order to be lawful, the treatment must be based on an adequate legal basis:

1. execution of the contract of which the interested party is a part, pursuant to art. 6, par. 1, lit. b) GDPR (navigation on the Site);

2. fulfillment of a legal obligation to which the Data Controller is subject, pursuant to art. 6, par. 1, lit. c) GDPR;

3. pursuit of the legitimate interest of the Data Controller or of third parties, pursuant to art. 6, par. 1, lit. f) GDPR.

We keep your data for a period of time that varies according to the purposes of the processing:

1. for the entire duration of the navigation;

2. for the time required by the legislation applicable from time to time;

3. for the entire duration of the judicial or extrajudicial litigation, until the time limits for appeal actions have expired.

Once the storage terms indicated above have elapsed, the data will be destroyed or made anonymous, compatibly with the technical cancellation and backup procedures and with the accountability requirements of the Data Controller.

Is the provision of data necessary?

T he navigation data are necessary to implement the IT and telematic protocols underlying the functioning of the Site; therefore, their failure to provide them would not allow the functioning of the Site itself. As regards the data required within specific sections of the Site (e.g. registration), please refer to the specific information.

To whom could we pass the data?

The user's data may be communicated to subjects operating as Data Controllers such as, by way of example, supervisory and control authorities and bodies, people, companies, associations or professional firms that provide assistance and consultancy services, and in general by public and private subjects, entitled to request the data.

The user's data may be processed, on behalf of the Data Controller, by subjects appointed as Data Processors, who are given adequate operating instructions including, by way of example, companies that offer website and information system maintenance services;

For the complete list of those responsible, you can request to the email


Who are the subjects authorized to process the data?

The data may be processed by employees of the corporate functions responsible for pursuing the aforementioned purposes, who have been expressly authorized for processing and who have received adequate operating instructions pursuant to articles 29 of the GDPR and 2 quaterdecies of Legislative Decree 196/2003, as amended and adapted by Legislative Decree 101/2018.

Can the data be transferred to non-EU countries?

No data transfers are foreseen outside the European Economic Area (EEA) , as far as the treatments in question are concerned.

What are the rights of the interested party?

By contacting the Company via e-mail at, users can request access to data concerning them, their rectification , integration or cancellation, limitation of treatment in the cases provided for by 'art. 18 GDPR as well as the opposition to the treatment in the hypotheses of legitimate interest of the owner.

Furthermore, in the event that the treatment is based on consent or on the contract and is carried out with automated tools, the interested parties have the right to receive the data in a structured format, commonly used and readable by an automatic device, as well as, if technically feasible , to transmit them to another holder without impediments.

Interested parties have the right to revoke the consent given at any time , as well as to oppose - for reasons related to their particular situation - the processing carried out to pursue the legitimate interest of the owner. Interested parties may revoke and manage their consent through the indicated channels, or by contacting the Data Controller by e-mail at the address This revocation will not affect the lawfulness of the treatment based on the consent given before the revocation.

Finally, interested parties have the right to lodge a complaint with the competent Supervisory Authority .

Keep in touch

Subscribe to our newsletter to get Cercol news