Privacy Policy


Provided that CFA Italia Srl and CFA Society Italy are joint controllers pursuant to a co-ownership agreement signed on 13/7/2022, with the common purpose of carrying out the objectives stated in CFA Italia Srl and CFA Society Italy and CFA Institute bylaws.

Pursuant European Regulation 679 27/04/2023 your personal data will be processed in accordance with the principles of fairness, lawfulness, minimisation, proportionality, necessity, transparency and protection of confidentiality and rights of each user.

  1. Scope of application of this policy
    This privacy policy exclusively applies to the online activities of this site and to visitors/users of the site. It does not apply to information collected through channels other than this website. The purpose of the privacy policy is to provide maximum transparency regarding the information the site collects and the use of that information.
  2. Provision of data and consequences of non-provision
    Providing your personal data by filling out the format available at the "Contact Us" section allows us to fulfil your request and to be able to best respond to your requests.
    Should you not intend to consent to the processing of your data for the abovementioned purposes, we will not be able to proceed to process your request and render you the requested service of response, advice and/or feedback.
  3. Subscription to the newsletter
    It is also possible to subscribe to the newsletter in order to receive e-mails with informative content, related to courses, initiatives, events and/or services offered by our companies. In this case, the provision of data is optional. The consent given when subscribing to the newsletter is revocable at any time. To stop receiving the newsletter, simply click on the "Unsubscribe" button. In case of technical problems, please send an e-mail to privacy@cfasi.it
  4. Principles applicable to the processing of your data
    This website processes user data lawfully and fairly, taking appropriate security measures and adequate organizational measures to prevent unauthorized access, disclosure, modification or destruction of data. The processing is carried out by means of computer and/or telematic devices, with organizational methods and logics strictly related to the indicated purposes and aimed at safeguarding and protecting your data.

    In some cases, in addition to the joint controllers, categories of people in charge within our companies or involved in the organization, management, interaction and maintenance of the website and related activities (administrative staff, marketing, legal, system administrators), or external parties (such as third party technical service providers, hosting providers, IT companies, web marketing companies, communication agencies, etc.) may have access to the data, if they are necessarily appointed as external data processors.
  5. Use of cookies
    The website does not use any computer techniques for the direct acquisition of personal identification data of the user or user profiling systems. You can find detailed information in the cookies policy.
  6. Time of storage and right of access
    Your data will be kept for as long as necessary to provide the requested services.
    You may at any time exercise your rights in respect of the joint data controllers pursuant to art. 15 of European Regulation 679/2016, which is summarised below:
    1. The data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet recorded, and their communication in intelligible form.
    2. The data subject has the right to be informed on:
      • the origin of personal data;
      • the purposes and methods of processing;
      • the criteria applied in the event of processing carried out through electronic devices;
      • the identification details of the controller and of the persons in charge of the treatment, if any;
      • the subject or categories of subjects to whom the personal data can be transferred or who may have access to them in their capacity as controllers or appointed persons, in or outside the territory of the State;
    3. The data subject has the right to obtain:
      • the update, rectification or, when interested, integration of the data;
      • the erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or processed;
      • certification that the operations referred to in point 3) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves a manifestly disproportionate effort compared with the right protected.
    4. The data subject has the right to object, in whole or in part:
      • for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of collection, without prejudice to the possible consequences referred to in art. 2, paragraph 2.
      • to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
      • The aforementioned rights shall be exercised by means of a request addressed without formalities to the joint holders, also through an appointee, which shall be answered without delay. The request addressed to the joint data controllers may also be sent by registered letter to be addressed to CFA Italia Srl and/or CFA Society Italy, Milano, Via Gerolamo Borgazzi, 2 - 20122, or by e-mail to privacy@cfasi.it
      • If it is believed that the processing may have been carried out in a manner that does not comply with the Regulation, you may also appeal to the Supervisory Authority, pursuant to Article 77 of the Regulation.
    In the event of termination of processing for any reason, pursuant to art. 17 of European Regulation 679/2016, your data will be:
    • erased, once the preservation obligations imposed by art. 2220 of Codice Civile, art. 19 and 22 of D.P.R. no. 600/1973 (10 years) or other specific regulations have expired;
    • transferred to another data controller, provided that they are to be processed for the same or similar purposes for which the data are collected (pre-bankruptcy and similar or related proceedings, transfer of business or business unit; etc.) pursuant to art. 6, comma 1, letter b) Eur. Reg. 679/2016;
  7. Data controller

    The joint data controllers are CFA Italia Srl and CFA Society Italy, with registered office in Milan Via Gerolamo Borgazzi, 2 - 20122, e-mail privacy@cfasi.it.

    The list of appointed data processors is available at the joint data controllers legal office.

    The server where the Web Site is located is in the European Union.

    Your data will not be transferred to third party companies located outside the European Economic Area. Should such a transfer become necessary we will ensure that the recipients of your data have taken appropriate security measures to ensure data protection.

This privacy policy is updated to 30 January 2023

The joint data controllers: CFA Italia Srl and CFA Society Italy