Privacy Policy



CEFA, Association of Families for Education and Culture, is a non-profit organization registered under No. 59 in the register of private legal persons of the Lazio region, which has been involved in promoting educational paths for children and families for more than 40 years.

LEGAL REASON: CEFA - Association of Families for Education and Culture (hereafter CEFA)

HEADQUARTERS: Via G.B. de Rossi, 48 -00161 Rome

TEL: +39 06 44254120

C.F.: 97056150580

P.I.: : 03779471006

mail: – 



The staff of CEFA Association of Families for Education and Culture strives to ensure the completeness and accuracy of the information on this website; however, there may be errors, inaccuracies or outdated information for which CEFA assumes no responsibility. Should errors be pointed out, they will be corrected.

In addition, the site may have links to external sites over which CEFA can exercise no control and for which it assumes no responsibility.

The exact compliance of any texts containing normative references cannot be guaranteed. Therefore, for legal purposes, the only valid texts remain those published in the Official Gazette or official organs, which prevail in case of discrepancy.

CEFA assumes no responsibility for any problems that may arise as a result of using the site or any external sites linked to it.

This disclaimer is not intended to circumvent compliance with requirements prescribed by applicable national legislation, nor to exclude liability in cases for which it exists under the same legislation.


It should be noted that the logo, graphics, programming, content, images, and documents contained on this site were created by CEFA with the technical support of Save The Cut. Therefore, only CEFA is authorized to use, disseminate and/or modify them. Where third-party content is present, the source is cited.



Welcome to our website ( hereinafter also "site"). For CEFA - Association of Families for Education and Culture - (hereafter also "CEFA"), your privacy and the security of your personal data are very important, not least because we deal with people and their educational journeys on a daily basis and we try to do this to the best of our ability.

For this reason, we collect and handle your personal data with the utmost care and take technical and organizational measures to avoid losing, spreading, or doing other processing for which we are not authorized.

The detailed information, the same information that the EU Reg. No. 2016/679 on Personal Data Protection (abbreviated as GDPR) requires us to provide, but also some other information that we think you may find useful, you will find listed below.

Before explaining our Privacy Policy in full, which may also be referred to as the "Policy," we anticipate that some services may be subject to specific legal terms; in such cases, we will take care to provide you, from time to time, with all the appropriate information: when necessary, therefore, such additions will be set out in the relevant contractual documents.

This Privacy Policy refers only to and does not cover any websites 

possibly consulted or accessed through hypertext links or widgets (e.g., social networks) posted on the Site but referring to resources outside the domain of CEFA, the data controller.

We want you to be clear about why, how and when we may process your data: for any clarification, question or need related to your privacy or to exercise your rights, as recognized by the European legislation regarding the processing of your personal data (see paragraph 13 below). Therefore, should the information in our Privacy Policy not be clear to you or should you have any doubts, please do not hesitate to contact us at any time by sending a request to


The website is managed by the non-profit organization CEFA - Association of Families for Education and Culture - based at Via G.B. de Rossi, 48 in Rome, which acts as an autonomous Data Controller for all activities related to the management of school enrollments, recruitment and the management of contacts and requests for information. Specifically, among the activities that may involve the processing of personal data through the site are those related to: 

  • The application for enrollment in the various classes in each curriculum cycle of CEFA Schools
  • The request to book an OPEN DAY to learn about the teachers, the Educational Project and the spaces of CEFA Schools
  • the request for information to the useful contacts listed on the site
  • The submission of one's application to work in CEFA SCHOOLS.
  • The receipt and handling of an appreciation towards our work or a complaint 

In addition, we may also have to process your data to fulfill legal obligations or because we have ongoing litigation.

To do all this CEFA acts, therefore, as an autonomous Data Controller through its legal representative Angelo Caparello.


With reference to the processing purposes indicated in the next section, we process a relatively small number of types of personal data about you.

Automatically collected navigation data The computer systems and software procedures used to operate this site acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment.

This data, necessary to navigate the Site and to enjoy the information it contains, is also processed by the owner for the purpose of:

  • To obtain aggregate and anonymous statistical information regarding the use of the Site (most visited pages, number of visitors by time slot or daily, geographical areas of origin of visitors, etc.);
  • Check the correct usability of the content offered by the Site;
  • prevent or counteract any possible computer malfeasance, fraudulent use of the features available on the site, including for the purpose of reconstructing security incidents and tracking them

Data provided voluntarily by the user. The data we process depends on the service we provide to you and how we provide it. For example:

  • Open Day booking service: child's first and last name, gender, parent's first and last name, e-mail, phone, education cycle, location of interest;
  • Enrollment service: master and contact data of the child and parents collected through, which is referred to;, cui si rimanda;
  • WORK WITH US service: first name, last name, date of birth, gender, residence, educational qualifications, e-mail, class of competition, resume.
  • Request for information or contact: we process the data that you voluntarily transmit to us through your communication and we encourage you to provide us only those that are strictly necessary;

Cookies. The site uses cookies. Use is made of:

a) technical cookies necessary to ensure that you can navigate the site, facilitate the proper navigation of the site and the usability of content by the user (legal basis the contractual fulfillment art. 6.1. lett.b) of the GDPR as functional and necessary).

(b) analytical cookies used to process aggregate statistical analysis of usage and interaction with the Site by users. Subject to your consent (legal basis the contractual fulfillment art. 6.1. lett.b) of the GDPR as functional and necessary).

The site does not use profiling cookies. 

Information on data processing, the purpose, duration and complete management of cookies, including their consent and revocation, can be found in the "Cookie Management" document also found in the footer.

Social Media Policy: Information about the processing of personal data made through the Social Media platforms used. For information about the processing of personal data carried out by the operators of the Social Media platforms, please refer to the information rendered by them through their respective privacy policies. CEFA, as Data Controller, processes personal data conferred by users through the pages of the dedicated Social Media platforms, as part of its corporate promotion and advertising purposes, in order to manage interactions with the users themselves (comments, public posts, messages, shares, etc.) in compliance with current legislation on the protection of personal data and this privacy policy; where necessary, the user's consent is collected, informing from time to time on the purposes and the optional nature of the conferment. Personal or "sensitive" data included in public comments or posts within social media channels may be removed.

The platforms used are:


CEFA, as the Data Controller, processes your personal data for different purposes; although there is no hierarchical order, we have preferred to divide the purposes themselves between "main" purposes, including those that occur more frequently (paragraph 3.1), and "secondary" purposes (paragraph 3.2, which are, on the other hand, less usual). Thus, in paragraphs 3.1 and 3.2 we state the purposes for which we process your data and, in addition, specify the reasons (legal bases) for which we process your data with respect to the stated purposes, in addition to what has already been stated above for cookies.


CEFA processes your data primarily for the following purposes:

  1. to collect and process the application for enrollment in the various classes of each cycle of studies of CEFA Schools (legal basis pre-contractual fulfillment art. 6.1 lett.b of GDPR)
  2. To collect the request for booking an OPEN DAY to learn about the teachers, the Educational Project and the spaces of CEFA Schools(legal basis the pre-contractual fulfillment art. 6.1 lett.b of GDPR)
  3. To enable the collection of applications to work in CEFA SCHOOLS (legal basis pre-contractual fulfillment art. 6.1 lett.b of GDPR)
  4. the receipt and handling of an appreciation towards our work or a complaint (legal basis pre-contractual fulfillment art. 6.1 lett. f of the GDPR)
  5. handle any litigation (legal basis the pre-contractual fulfillment art. 6.1 lett.f of the GDPR)


CEFA also processes your data for the following purposes: 

  1. fulfill requests for information: through the site you can request information about the services offered by our institution by sending an email to the addresses indicated in the CONTACTS section.

CEFA processes the personal data you provide through these methods and may require additional data in order to better formulate the response to your request (legal basis pre-contractual fulfillment art. 6.1 lett.b of the GDPR)

  1. Handle requests to exercise personal data protection rights. Such processing is necessary to fulfill a legal obligation to which CEFA is subject (legal basis pre-contractual fulfillment art. 6.1 lett. c of the GDPR)
  2. to fulfill other legal or contractual obligations to which CEFA is subject in its role as Holder (legal basis pre-contractual fulfillment art. 6.1 lett.f of the GDPR)
  3. prevent and suppress fraud and abusive behavior (including by third parties) contrary to applicable regulations, applicable contractual provisions, rules of fairness and good faith (legal basis the pre-contractual fulfillment art. 6.1 lett.f of the GDPR). If requested, CEFA can provide further and more detailed information in this regard having also performed a special balancing assessment

Apart from what is specified for navigation data, you are free to provide the personal data requested to take advantage of the services provided through web or contact information.

Failure to provide data for the fields marked with an asterisk may result in the inability to take advantage of the service offered.


Your personal data may only be accessed by CEFA's duly trained personnel (employees and collaborators), as well as third parties (suppliers and/or partners) who have been adequately selected by CEFA and offer suitable guarantees of compliance with the rules on the processing of personal data. These third parties may carry out, on the basis of a special designation by CEFA (each of them limited to the processing within its competence) their activities as "Data Processors" and will operate, therefore, under the direct responsibility of the Data Controller who designated them. Such individuals, for example, include: internet providers, email manager, companies specializing in IT services, freelancers operating on behalf of CEFA, or as "autonomous Data Controllers." CEFA provides Data Controllers with a set of instructions whose full compliance these entities must ensure and, if necessary or possible, conducts audits. In some cases the Processors are extraordinarily large entities and we do not have the strength to impose our own rules but are forced to "'suffer theirs": in these cases we choose them because of the guarantees they can provide and we take care to read carefully their rules on how they will treat our and your data. 

Similarly, the Managers we appoint may refer to Sub-Managers who are sometimes entities with whom, because of their size, it is impossible for CEFA to have stable direct contact. 

Again, neither we, nor our Managers, have the slightest opportunity to exercise any bargaining power, but we always try to understand the criteria of choice and evaluate the reasons behind the choices made.

In addition, your personal data may also be communicated to third parties when communication is required by applicable laws and regulations with respect to legitimate third party recipients of communications, such as authorities and public bodies that process your data as autonomous Holders for their respective institutional purposes.

You can request an updated list of those to whom we disclose his or her information by contacting us at 

This site may share some of the data collected with services located outside the European Union area. In particular with Instagram, Facebook and Microsoft (LinkedIn), Twitter via social plugins, the Google Analytics service. 

CEFA, therefore, as a data controller, may transfer personal data to countries outside the EU. If there is a need, guarantee measures will be taken for the transfer in respect of the recipients, which depending on the case may be: verification of the existence of adequacy decisions for the recipient country by the Commission, signing of standard contractual clauses, verification of the adoption of any additional measures in transposition of EDPB Recommendation 01/2020. Notwithstanding these safeguards, for data processing (in ref. of Art. 49 GDPR), where applicable the existence of a contract or pre-contractual measures in favor of the data subject or consent to the transfer is verified.


Pursuant to Article 5 GDPR, your automatically collected data are kept, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular operation, including for security purposes or in accordance with the deadlines provided for by law, subject to any need for the investigation of crimes by the Judicial Authority.

The data voluntarily provided by the user will be kept for a period of time not exceeding the achievement of the purposes for which they are processed and in accordance with applicable legal or regulatory obligations, except for any subsequent storage for statistical purposes that provides for the anonymization of such data (subject to any need for the detection of crimes by the Judicial Authority).

Regarding technical data managed by the site, such as cookies, the period is defined by the technical characteristics of cookies defined in the paragraph below.


You may contact CEFA as Data Controller at any time, at the contact details specified below, to exercise, when applicable, your rights recognized by the GDPR and, in particular:

  • to have confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to and a copy of such personal data ("right of access");
  • to rectify of your personal data, i.e. to obtain the correction, amendment or updating of any inaccurate or no longer correct data, as well as to obtain the integration of incomplete personal data, including by providing a supplementary statement ("right of rectification")
  • request the deletion of your personal data when they are, in particular, no longer necessary in relation to the purposes for which they were collected or processed, or have been processed unlawfully, or must be deleted in order to comply with a legal obligation, or, finally, you have objected to their processing (see "right to object") and there is no overriding legitimate reason for CEFA to proceed with the processing anyway ("right to erasure" or "right to be forgotten");
  • Obtain the restriction of the processing of your personal data, i.e., that CEFA retains such data without, however, being able to use them, subject to your possible requests and exceptions provided by law. This right may be exercised only when, in particular, you dispute the accuracy of the personal data and for the period necessary for the Data Controller to verify the accuracy of such personal data; or the processing of the data is unlawful and you request the restriction of its use, rather than its deletion; or although CEFA no longer needs the data for the purposes of processing, the personal data are necessary to you for the establishment, exercise or defense of a legal claim; or you have objected to their processing (see "right to object"), pending verification as to whether the legitimate reasons of the Data Controller outweigh those of the data subject (right to limitation);
  • request your data or transfer it to a party other than the Data Controller ("right to data portability"): you may request to receive the data we process pursuant to your consent or pursuant to the contract entered into, in a structured, commonly used, machine-readable format. If you so desire, where technically possible, we may at your request transfer your data directly to a third party you designate to us;
  • Submit a Complaint to one of the competent Data Protection Supervisory Authorities, if you believe that the processing of your personal data has been carried out in an unlawful manner ("right to lodge a Complaint"). In Italy, a complaint can be submitted to the Garante per la Protezione dei Dati Personali ( through this link:

In addition, as a data subject, you also enjoy the "right to object," that is, to:

  • object at any time, for reasons related to your particular situation, to the processing of your personal data carried out in pursuit of a legitimate interest of the Data Controller; however, we exclude marketing or profiling purposes as we do not process data for such purposes. In this case, CEFA will refrain from further processing your personal data, unless it can demonstrate that the processing is based on legitimate grounds such as compelling reasons or for ascertainment or even for the exercise or defense in court and that these rights prevail over those of the data subject and his or her freedoms.
  • proceed to requests for revocation of consent, where applicable

In order to ensure that the rights described above are fully respected and that our users' data are not violated or illegally accessed by third parties, before granting your request to exercise one of the rights indicated, we may ask you for some information in order to ascertain your identity or to obtain clarification of the request made. For this purpose, only in these very rare cases, we may ask you for some additional data.

The exercise of rights is not subject to any formal constraints and is free of charge and may be exercised by writing to:


The features, functionality and services offered by CEFA and may change in the future and, as a result, this Privacy Policy may be modified and supplemented over time. We encourage you, therefore, to periodically check its contents. We will, however, provide you with appropriate notice of any significant changes to this Privacy Policy.


CEFA does not use your personal data in order to send WEB PUSH NOTIFICATION to your devices: if we decide to do so in the future, you would be asked, obviously with adequate advance notice, for your consent. It is not our practice to send personalized notifications to our users about new services: rather, we invite you to consult our website (which we keep constantly updated) so that you can get timely updates on our services, or you can contact us at


We adopt specific technical and organizational security measures in order to safeguard the confidentiality of the personal data of our pupils, their parents and potential stakeholders in the activities of our schools, our staff and teachers, our suppliers and partners, and those who contact us. The measures are designed to prevent your personal data from being used illegitimately or fraudulently.

We would like to remind you to take suitable and constant precautions when navigating the site for example, to keep your login credentials in the restricted area strictly confidential or to change them periodically; although, at the moment, our site does not have a restricted area, except through a link to another external site, the possibility remains that such a feature will be implemented in the future and, therefore, we would like to point out to you right now the need to pay attention, both for your and our protection, to this specific aspect. 


The Data Controller for the purposes of paragraph 3 is CEFA - Association of Families for Education and Culture with headquarters in via G.B. de Rossi, 48 -00161 Rome.

CEFA has appointed a Data Protection Officer who can be reached at
For any clarification, question or need related to yourprivacy or to exercise ¡ your rights recognized by the GDPR (see section 7) you can contact us by sending a request to or to our PEC address



We took time to write our Privacy Policy drawing inspiration from models on the WEB that we found particularly efficient and inspiring, and trying to adopt a language that was understandable and capable of being interpreted by the reality of CEFA Schools.

If you would like to suggest additions or changes to be made to our Privacy Policy, we would be happy to welcome and consider your suggestions: in this regard, please contact us at

Last updated December 2023



This cookie policy refers exclusively to the website and should be understood as part of its Privacy Policy.

Cookies are text files that each Web site sends to those who access the site and are transmitted back from the user's computer to the Web site on the next visit. The website uses cookies and similar technologies to ensure the proper functioning of procedures and improve the experience of using online applications. This document provides detailed information on the use of cookies and similar technologies.

Cookies are small text files that sites visited by the user send and store on your computer or mobile device, only to be transmitted back to the same sites on your next visit. It is precisely because of cookies that a site remembers the user's actions and preferences (such as, for example, login details, chosen language, font size, other display settings, etc.) so that they do not have to be indicated again when the user returns to visit said site or navigates from one page to another of it. Cookies, therefore, are used to perform computer authentication, session tracking and storage of information regarding the activities of users accessing a site, and may also contain a unique identifier code that allows tracking of the user's navigation within the site itself for statistical or advertising purposes. In the course of browsing a site, users may also receive on their computer or mobile device cookies from sites or web servers other than the one they are visiting (so-called "third-party" cookies). Some operations could not be accomplished without the use of cookies, which in some cases are therefore technically necessary for the very operation of the site.

There are various types of cookies, depending on their characteristics and functions, and these can remain on the user's computer or mobile device for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; so-called persistent cookies, which remain on the user's equipment until a predetermined expiration date.

Under current Italian law, the use of cookies does not always require the user's express consent. In particular, "technical cookies", i.e. those used for the sole purpose of carrying out the transmission of a communication over an electronic communication network, or to the extent strictly necessary to provide a service explicitly requested by the user, do not require such consent. These are, in other words, cookies that are indispensable for the operation of the site or necessary to perform activities requested by the user.

TECHNICAL COOKIES, which do not require express consent for their use, include:

  • navigation or session cookies that ensure normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas);
  • functionality cookies, which allow the user to navigate according to a set of selected criteria (e.g., language, products selected for purchase) in order to improve the service rendered to the user.

For PROFILING COOKIES vice versa, i.e. those aimed at creating profiles related to the user and used for the purpose of sending advertising messages in line with the preferences expressed by the user in the context of web browsing, prior user consent is required.


Third-party cookies are managed by a website other than that the user is visiting. This is because there may be elements (images, maps, sounds, specific links to web pages on other domains, etc.) on each site that reside on servers other than the one being visited.

The site may also receive cookies managed by sites of other organizations aimed at the presence of parts of the visited page generated directly from these sites, integrated into the website and carrying social network content (Linkedin, Twitter, Facebook) to be shared or related to the use of services provided by the indicated third parties; it is also possible that these third parties use such cookies for profiling.

The Site uses the following types of cookies, and offers the possibility to de-select them, except for third-party cookies for which the user should refer directly to the relevant ways of selecting and de-selecting the respective cookies, indicated by means of links:


Our site uses different types of cookies each of which has a specific function, we report the categories as shown in the table below. 

Name of the cookie



Due date


Used for targeting purposes to profile the interests of website visitors and display relevant and personalized Google advertisements.

1 year 11 months 27 days


Create a profile of website visitors' interests to show relevant and personalized ads through retargeting.

2 years


Cookies used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.

1 year 11 months 27 days


Cookie used to build a profile of the visitor so that relevant and personalized Google ads can be shown.



Cookie used to build a profile of the visitor so you can show relevant and personalized Google ads

1 year 10 months 24 days


Cookies used to collect information about visitors' use of the site whenever web pages containing Google services are visited.



Used by Google Maps to store user preferences when viewing maps (PREF) and to track visitor behavior

2 years


Used by Google Maps to store user preferences when viewing maps (PREF) and to track visitor behavior

2 years


Allows Google to collect information about users for videos posted on YouTube. Used by Google to store digitally signed and encrypted records related to a user's Google Account ID and their most recent login date

1 year 9 months 27 days


The "APISID" cookie is used to play YouTube videos embedded on the website.

1 year 9 months 27 days


Provides information about how the end user uses the website and any advertisements the user may have viewed before visiting the website

2 months 30 days


Used by Google reCAPTCHA for risk analysis.

6 months


Some cookies and other technologies are used to prevent spam, fraudulent activity, and abuse. For example, AEC cookies ensure that requests within a browsing session are made by the user and not by other sites.

6 months


It allows servers to mitigate the risk of CSRF attacks and information loss by stating that a given cookie should only be sent with requests initiated by the same registrable domain.

5 months 2 days


Used by Google to store user choices related to cookies

2 years


The NID cookie contains a unique ID that Google uses to remember your preferences and other information, such as your preferred language (e.g., English), how many search results you want to display per page (e.g., 10 or 20), and whether you want Google's SafeSearch filter to be enabled

6 months 1 day


Used by Google to provide advertising

1 month


Cookies used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.

9 days


Used by Facebook to store browser details.

2 years


Used by Facebook to store a unique session identifier

3 months




Used by Facebook to store a unique user identifier

30 days


Google Analytics

Used by Google Analytics to limit the frequency of requests.

1 day

We use our own and third-party cookies for purposes: technical (necessary for navigation), analytical (for statistics), and tracking/profiling cookies (related to Your preferences) to show you personalized advertising based on your browsing of pages on the site. You can accept all cookies by pressing the "Accept all cookies" button, continue by clicking "Use only necessary cookies" or manage your preferences by clicking "Customize". In order to revoke the consent given and/or view full information about data processing click here: Cookie Management (link can be found at the bottom of all pages) Cookie Management

Users can decide whether or not to accept cookies using their browser settings.

Disabling all or part of technical cookies does not affect the use of Cefa's website functionality.

L’impostazione può essere definita in modo specifico per i diversi siti e applicazioni web.

The setting can be defined specifically for different sites and web applications.

Internet Explorer:

Google Chrome:

Mozilla Firefox:

Apple Safari:

For more general information on cookie operation and profiling techniques, you can visit the EDAA (European Interactive Digital Advertising Alliance) website at


When visiting a website, you may receive cookies either from the site you visit ("owners") or from sites operated by other organizations ("third parties"). An example are the "social plugins" from Facebook, Twitter, Istagram and LinkedIn. These are parts of the visited page generated directly by the aforementioned sites and integrated into the page of the host site. The most common use of social plugins is for the purpose of sharing content on social networks.

The presence of these plugins results in the transmission of cookies to and from all sites operated by third parties. The management of information collected by "third parties" is governed by the relevant disclosures to which please refer. For the sake of transparency and convenience, below are the web addresses of the various disclosures and cookie management methods:

For some videos on the site, an "advanced privacy (no cookies)" option has been enabled, which makes YouTube not store information about visitors unless they voluntarily play the video.