Personal data processing policy – Information document pursuant to Articles 13 and 14 of the GDPR (General Data Protection Regulation) 2016/679.

In compliance with Regulation (EU) 679/16 (GDPR), we are providing you with the required information on processing of the personal data that you provide. This policy does not apply to any other websites that can be consulted through the links present on the domain websites of the controller, who shall not be held liable in any for the websites of third parties.

1) Titolare, responsabile e luogo del trattamento


The controller is Cellini Caffè EKAF S.p.A. – – registered and administrative office Lungotorrente Secca 3r, 16163, Genova in the person of the pro tempore legal representative.


Processing is performed at the offices of the Controller and at the offices of the external parties identified.

2) Types of data processed

Personal data and browsing data

«personal data»: any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Browsing data

The computer systems and software procedures used for functioning of this website acquire certain personal data during their normal operation, the transmission of which is implicit in use of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects but, due to its nature and as a result of processing and association with data held by third parties, could allow users to be identified.
This data category includes IP addresses or domain names of the computers used by users connecting to the website, URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the digital code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

Data provided voluntarily by the user.

Optional, explicit and voluntary sending of e-mails to the addresses indicated on this website and/or compiling of specific data collection forms leads to subsequent acquisition of the sender’s address, which is necessary to respond to requests, together with any other personal data entered.


See the cookie policy on the following page: Cookie Policy

3) Purposes of processing for which consent is given, where required (Art. 6 GDPR)

A) Personal data, provided voluntarily, will be processed for the following purposes:

  • browsing on this website;
  • filling out of any data collection forms to request estimates and/or contacts and/or to submit candidacies;
  • filling out of any data collection forms for on-line booking;
  • administrative and accounting activities in general.

For purposes of application of the provisions on personal data protection, the processing performed for administrative and accounting purposes is the processing associated with the performance of organisational, administrative, financial and accounting activities, regardless of the nature of the data processed. In particular, these purposes are pursued through internal administrative activities, those serving for fulfilment of contractual obligations and those prior to entering into a contract and for informational activities.

B) The personal data provided by filling out the data collection forms present on the websites or data collection forms in general (such as first name, surname, e-mail address) will be processed, after consent is given, by the Controller or by the Processors, for promotional and sales activities and for sending newsletters via e-mail.

4) Processing and storage methods

Processing will be performed by automated means and manually, with methods and tools that guarantee the utmost security and confidentiality, by parties specifically appointed in compliance with Articles 13-14 of the GDPR. The data will be stored for a period of time no longer than the one necessary to the purposes for which the data has been collected and subsequently processed.

5) Ambito di comunicazione e diffusione

Your processed data will not be disclosed, but could be communicated to companies contractually linked to Cellini Caffè EKAF S.p.A, in order to comply with contracts or related purposes. The data might be communicated to third parties in the following categories:

  • parties who supply services for management of the information system used by Cellini Caffè EKAF S.p.A. and telecommunications networks;
  • firms or companies as part of assistance and consultancy relationships;
  • the competent authorities for fulfilment of legal obligations and/or orders of the public authorities, on request.

The parties in the above categories act as Data Processors or operate totally independently as separate Controllers. The list of processors is constantly updated and available at the offices of Cellini Caffè EKAF S.p.A – registered and administrative office: Lungotorrente Secca 3r, 16163, Genova. Any further communication or disclosure will only take place with your explicit consent.

6) Nature of providing the data and refusal

Other than what is specified for browsing data, the user is free to provide personal data. Providing the data for the purposes of point A) is obligatory. Refusal to provide the data for the purposes of point A) will make it impossible to obtain what is requested or to use the services of the Controller. Giving consent to processing of the data for the purposes of point B) is optional. Refusal to give consent for the purposes described in point B) will not have any negative effect for the purposes of point A).

7) Rights of the data subject

You may exercise your rights as expressed by Articles 12 to 23 of the GDPR by contacting the Controller, or the Processor, at our offices by telephone on number 010716541, or by sending an e-mail to the address

As the data subject, you have the rights indicated in Article 15 of the GDPR, and specifically to rights to:

  • obtain confirmation as to whether or not personal data concerning you exists, even if not registered, and whether it is communicated in intelligible form;
  • obtain indication of:
    • a) the origin of the personal data;
    • b) the processing purposes and methods;
    • c) the logic applied when processing is performed using electronic mediums;
    • d) the identity of the controller, the processors and the represented appointed pursuant to Article 5(2) of the Privacy Code and Article 3(1) of the GDPR;
    • e) the parties or the categories of parties to whom the data may be communicated or who may learn it as the appointed representative in the territory of the State, managers or processors;
  • obtain:
    • updating, rectification or supplementing of the data;
    • erasure, conversion into anonymous form or blocking of data processed illegally, including data which does not need to be stored in relation to the purposes for which it has been collected and subsequently processed;
    • certification that the operations of letters a) and b) have been explained, even only in terms of their content, to anyone to whom the data itself has been communicated or disclosed, unless this is impossible or would involve a use of resources which is manifestly disproportionate to the right being protected;
  • object, in full or in part:
    • a) for legitimate reasons, to processing of the personal data concerning you, even for the reasons for which it has been collected;
    • b) to processing of personal data concerning you to send advertising or direct sales material or to conduct market surveys or make business communications, using automated call systems without an operator, via e-mail and/or with traditional marketing methods by telephone and/or ordinary mail.

Where applicable, you also have the rights indicated in Articles 16 to 21 of the GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), and also the right to lodge a complaint with the Supervisory Authority. You can obtain, at any time, confirmation as to whether or not personal data concerning you exists, on communication of that data and the purposes on which processing is based. You can also obtain erasure, conversion into anonymous form or blocking of data processed illegally, and the updating, rectification or, where you have a legitimate interest, supplementing of the data. You can also object to processing, for legitimate reasons.

8) Changes to the privacy policy

The controller reserves the right to alter, update, supplement or remove parts of this privacy policy, at its own discretion and at any time. The data subject is required to check periodically for any changes. In order to make it easier to check for any changes, the policy itself will contain an indication of the date when it has been updated. Use of the website after publication of the changes signifies acceptance of them.

9) Social network plug-ins

Our web pages could use Social Network plug-ins (e.g., managed by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). If you access one of our web pages with a plug-in of this kind, the browser will connect directly to the social network page and the plug-in will be displayed on the screen due to connection with the browser. Before using these plug-ins, please consult the privacy policies of the social networks themselves, which are on their official pages.