• Membership

    More than 30,000 professionals make up the ecosystem of Cetif: we facilitate the meeting and exchange between banks, insurers and companies in an academic Center, competent and independent environment to share knowledge, experience and strategies on the most innovative drivers of change.

  • Research

    16 Research Hubs focused on dynamics of strategic evolution, regulatory updates, organizational and process practices, and the effects of digitization: we study innovation trends and best practices and share them with our communities.

  • Events

    Over 60 events including Main events (Workshop and Summit) and Community events (related to research activities) and Webinar: we bring together banks, insurance companies and businesses for shared growth on trends and challenges to outline innovative development strategies.

Privacy Cetif and Cetif Advisory

Cetif - Università Cattolica del Sacro Cuore


1. Foreword
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 on the "Protection of Individuals with regard to the Processing of Personal Data" (hereinafter also "GDPR"), we provide you with the requested information on the processing of personal data concerning you ("Data") carried out by Università Cattolica del Sacro Cuore (hereinafter also the"Università").

2. Identity and contact details of the Data Controller
The data controller is Università Cattolica del Sacro Cuore, with registered office at Largo Agostino Gemelli 1, 20123 Milan, tel. (+39) 027234.1.

3. Categories of Personal Data
The Data that University processes include, for example, Biographical Data, your image in digital format, Contact Data referring to you as a legal representative/Director/Reference Person in dealing withUniversità and its facilities (such as research centers) as well as, possibly, Data of its employees, collaborators and colleagues.

4. Purpose of processing and legal basis
Data may be processed for the following purposes:

  1. Registration for events organized by University as well as for sending communications related to educational offerings;
  2. Issuing and managing the credentials and online services that are made available to you;
  3. Performance of administrative, accounting, tax, and capital activities;
  4. If necessary, to enforce and/or defend the rights of Università Cattolica del Sacro Cuore in civil, criminal and/or administrative litigation, as well as to handle any disputes and/or complaints.

The legal basis for the processing is:

  1. For the purposes under a) and b), from the performance of the contract to which you are a party or the execution of pre-contractual measures, such as responding to requests for information. Otherwise, the legal basis legitimizing the processing of the Data of your employees, collaborators and colleagues is the legitimate interest of the Data Controller;
  2. For the purpose under (c), from fulfilling legal obligations;
  3. For the purpose of sub d), from the legitimate interest of the Owner.
    The provision of Data is not mandatory, but any refusal to provide your data and/or those of your employees, collaborators and colleagues will result in the objective impossibility for the University to pursue the above-mentioned purposes.

5. Modalities of processing
The processing of personal data is carried out by means of manual, computerized and telematic tools with logic strictly related to the purposes and, in any case, in such a way as to ensure the security and confidentiality of the data in accordance with current regulations.

Personnel duly appointed as System Administrators may conduct navigational checks aimed solely at ensuring the operation and security of the system.

6. Data Retention Period
The University will process the Data for as long as necessary to pursue the above purposes, subject to any retention periods prescribed by law or regulation.

7. Categories of parties to whom the Data may be disclosed
Your Data may be communicated to:
- Public and private entities or competent Authorities;
- Banking Institutions.
The subjects belonging to the categories to which the Data may be communicated will carry out the processing of the Data themselves and use them, as the case may be, in their capacity as Data Processors expressly appointed by the Data Controller in accordance with the law, or rather as autonomous Data Controllers.

The list of designated data processors is constantly updated and available at the headquarters ofUniversità.

8. Transfer of personal data outside - EU
Personal data may be transferred to countries outside - EU, particularly in the case of services that are located outside the territory of the European Union (e.g. cloud storage). In this case, the Data Controller assures as of now that the non-EU data transfer will take place in accordance with the applicable legal provisions, e.g. after stipulating the standard contractual clauses adopted by the European Union.

9. Data Protection Officer (D.P.O.).
The University has appointed a Data Protection Officer (Data Protection Officer, D.P.O.), e - mail dpo@unicatt.it, whose name can be easily found on the website at http://www.unicatt.it/privacy.

10. Rights of the data subject
In your capacity as a data subject, you have the right to:

  1. Ask the Data Controller for access to the Data, their deletion, rectification of inaccurate Data, integration of incomplete Data, as well as restriction of processing in the cases provided for by Article 18 of the GDPR;
  2. Object, at any time, in whole or in part, to the processing of the Data necessary for the legitimate pursuit of the Data Controller's interest;
  3. In the event that the conditions for the exercise of the right to portability under Article 20 of the GDPR are present, receive in a structured, commonly used and machine-readable format the Data to the Data Controller, as well as, if technically feasible, transmit it to another Data Controller without hindrance;
  4. Withdraw consent given at any time;
  5. Propose complaints to the relevant supervisory authority.

These rights may be exercised, by registered mail, addressed to Università Cattolica del Sacro Cuore , Administrative Direction - Privacy, Largo Agostino Gemelli 1, 20123, Milan, or by e-mail at dpo@unicatt.it, specifying in the subject line "Exercise of the rights of the interested part" and indicating the reference structure through which relations with the University have taken place (e.g., research center CeTIF).



Cetif Advisory Ltd.

Information regarding the processing of personal data pursuant to Article 13 of "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC" ("GDPR").


Cetif Advisory S.r.l. would like to inform you about the purposes and methods of processing of personal data of natural persons under the GDPR that may be processed by Cetif Advisory S.r.l. as well as the related rights regarding such processing.

Purpose of processing and nature of main data processed.

Cetif Advisory S.r.l. processes personal data of individuals exclusively for the following purposes:Contractual purposes, inherent in the establishment and management of the contractual relationship;

1. Administrative purposes, inherent in the management of administrative relations related to the existing contractual relationship;

2. Commercial communication and marketing purposes;

3. Commercial and promotional communication purposes, social media publication of images and video-photographic footage;

4. Purpose of security and protection of corporate assets.

Personal data(Last Name and First Name; telephone contact details, e-mail, tax and bank details) are collected for the purpose of organizing and managing the contractual relationship and only with your express consent for commercial communication and marketing purposes.

Main data processing methods

Cetif Advisory S.r.l. minimizes the collection and processing of personal data to the strict minimum necessary in relation to the purposes pursued.

The data may be processed in hard copy and in computer mode.

Cetif Advisory S.r.l., after assessing the risks and where applicable the impact on the protection of personal data related to the loss of objectives of confidentiality, availability and integrity of the information processed, plans and takes the necessary technical and organizational measures to minimize these risks. This is also in order to ensure the resilience of the processing carried out as part of the more general need to ensure the continuity of the services provided.

Legal basis for processing

The processing of personal data for contractual and administrative purposes is necessary in order to establish and manage the contractual relationship and to fulfill related legal obligations.

The denial of consent to processing implies the impossibility of establishing and maintaining the contractual relationship and thus the provision of the service.

The processing of personal data for the purposes of commercial communication and marketing is optional and your consent is required. Denial of consent does not affect the provision of the service.

The processing of personal data for the purposes of publication on social media of images and video footage that may see you depicted during events is optional and your consent is required. The denial of consent does not affect the provision of the service except in the case of events the participation in the events themselves if it was not possible not to film her image directly or make it blurred and/or not recognizable, in case it results in group images.

Communication or dissemination of processed data

Cetif Advisory S.r.l. does not disseminate or disclose your personal information to third parties for purposes outside those highlighted above.

Treatment by third parties

Cetif Advisory S.r.l. may use for the processing of your data within the scope of the purposes listed above the help of third parties such as:

1. Administrative service providers, such as accountants;

2. Providers of technical support services on IT systems;

3. Cetif -Università Cattolica del Sacro Cuore;

4. Banking institutions.

In this case Cetif Advisory S.r.l. arranges for such parties to process your personal data exclusively for the purpose of carrying out their activities strictly related to the previously defined purposes and in compliance with appropriate technical and organizational data protection measures.

Disclosure and exercise of data subject's rights to processing

Cetif Advisory S.r.l., the data controller, wishes to inform you of your rights as a data subject under the GDRP. These rights are stated in Art. 13 of the GDPR and concern:

1. the right of the data subject to request access to personal data from the data controller;

2. the data subject's right to ask the data controller to rectify or erase them or to restrict processing;

3. the data subject's right to object to their processing;

4. the data subject's right to data portability;

5. the data subject's right to lodge a complaint with a supervisory authority.

Personal data retention period and benchmarks

Cetif Advisory S.r.l. stores processed personal data with reference to the following criteria:

1. compliance with the requirements applicable to the duration of the existing contractual relationship; 

2. compliance with administrative and fiscal requirements as per applicable regulations.

Data Controller

The Data Controller of your personal data is Cetif Advisory S.r.l., P.IVA/C.F. 11086920961, with registered office in Milan, Via Olona, 2, Milan.

For any inquiries regarding the processing performed on your personal data as well as for the exercise of your rights under Article 13 of the GDPR, you may refer to the Data Protection Officer at the following e-mail address: dpocetifadvisory@cetif.eu