Privacy Policy

Last updated: 17 March 2026

Italia Refinement
Piazza Francesco Guardi 15, 20133 Milan — Italy

1. Data Controller

The Data Controller responsible for your personal information is:

Italia Refinement
Piazza Francesco Guardi 15, 20133 Milan — Italy
Email: info@italiarefinement.com

Although we do not currently have a designated Data Protection Officer (DPO), we remain fully committed to addressing your privacy concerns. Should you have any questions or require further information about how we manage personal information, please contact us at the address above.

2. Information We Collect

We collect personal data through various interactions with our website (italiarefinement.com), our services, and direct communications with you. The types of personal information we may process include:

Identity data: name, surname, and any title you choose to share.
Contact data: email address, telephone number, billing address.
Transaction data: details of products or services you have purchased from us, including invoicing records.
Technical data: IP address, browser type and version, device identifiers, time-zone setting, operating system, and platform.
Usage data: information about how you use our website, including pages visited, navigation paths, and session duration.
Marketing & communication preferences: your preferences regarding receiving marketing communications from us.

We only process information that is essential for delivering our services, complying with legal obligations, or enhancing your experience. We do not collect any special categories of personal data (such as health, biometric, or genetic data) unless you provide it voluntarily.

3. Purposes of Processing

We are dedicated to serving our clients to the highest standard. Our primary goals in processing your information include:

Enhancing your experience: understanding your needs and preferences to improve our platform and service offerings.
Providing support: responding to inquiries, service requests, and providing timely assistance.
Improving our services: analysing usage patterns to develop new features and offerings that meet evolving demands.
Business operations: conducting necessary activities such as billing, account management, and invoicing.
Analysis & development: improving website functionality, design, and the services we offer through data-driven insights.
Direct marketing: with your explicit consent, sending promotional communications about new products, special offers, or other information we believe may interest you.

We process your personal information transparently and in accordance with your preferences and applicable privacy laws. Data is used solely for the purposes for which it was collected and in ways that you have authorised.

4. Legal Basis for Processing

In accordance with Article 6 of the General Data Protection Regulation (GDPR), we rely on the following lawful bases when processing your personal data:

4.1 Contractual Necessity (Art. 6(1)(b))

Processing that is necessary for the performance of a contract to which you are party, or to take steps at your request prior to entering into a contract. This covers transaction processing, service delivery, invoicing, and account management.

4.2 Consent (Art. 6(1)(a))

Where you have given clear, affirmative consent for a specific purpose. This applies to direct marketing communications, the placement of non-essential cookies (analytics and marketing), and newsletter subscriptions. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

4.3 Legitimate Interest (Art. 6(1)(f))

Processing that is necessary for the legitimate interests pursued by Italia Refinement, provided those interests are not overridden by your fundamental rights and freedoms. This covers website analytics for improving our services, fraud prevention, and ensuring network and information security.

4.4 Legal Obligation (Art. 6(1)(c))

Processing that is necessary for compliance with a legal obligation to which we are subject, including tax and accounting requirements, responses to lawful requests from public authorities, and record-keeping obligations under Italian and EU law.

5. Data Storage & Security

The security of your personal information is paramount. We employ a variety of measures to protect the integrity and confidentiality of the data we collect.

Storage Location

Personal information is stored on secure servers located within the European Union. For services that require international data transfer, we ensure that such transfers comply with all applicable laws and maintain data protection standards equivalent to those within the EU.

Hosting Partners

We partner with reputable data hosting providers committed to state-of-the-art security measures, selected on the basis of their adherence to stringent data protection standards.

Security Measures

We implement appropriate technical and organisational measures, including encryption of data during transmission and storage, regular security assessments, and access controls to protect your data from misuse, interference, loss, unauthorised access, modification, or disclosure.

We continually review and update our security practices in response to evolving threats and advancements in technology.

6. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Specific retention periods depend on the nature of the information and the purposes for processing it.

Once the retention period expires, personal data is securely deleted or anonymised so that it can no longer be associated with an identifiable individual.

8. International Data Transfers

We may transfer your personal information to locations outside of the European Economic Area (EEA), including to countries that may have different data protection laws. Any such transfers are conducted with the utmost care and in compliance with the GDPR, relying on mechanisms such as:

EU Standard Contractual Clauses (SCCs): approved by the European Commission to ensure an adequate level of protection.
Adequacy decisions: transfers to countries recognised by the European Commission as providing an adequate level of data protection.

Your rights regarding the processing and transfer of your personal information remain fully protected regardless of where your data is processed or stored. If you have any questions about international data transfers, please contact us at info@italiarefinement.com.

9. Cookie Policy

We use cookies and similar tracking technologies on our website to ensure its proper functioning, to analyse traffic, and to personalise your experience. Below is a detailed overview of the cookies we use.

9.1 What Are Cookies?

Cookies are small data files placed on your device when you visit a website. They enable the site to remember your preferences and collect information about your browsing behaviour. Tracking technologies such as web beacons and pixel tags help us understand how you interact with our site.

9.2 Types of Cookies We Use

Category	Purpose	Consent Required
Strictly Necessary	Essential for core website functionality, including security, session management, and accessibility. The website cannot operate properly without these cookies.	No — these are exempt under the ePrivacy Directive.
Analytics (Google Analytics)	Collect anonymised data on how visitors use our website — pages visited, session duration, bounce rate. This helps us understand usage patterns and improve our services. Data is processed in accordance with our agreement with Google and may involve transfers to servers outside the EU under Standard Contractual Clauses.	Yes — opt-in consent required before activation.
Marketing (Meta Pixel, Google Ads)	Enable us to measure the effectiveness of our advertising campaigns and deliver relevant advertisements. The Meta Pixel tracks conversions from Facebook and Instagram ads; Google Ads cookies help us serve targeted advertising and measure campaign performance.	Yes — opt-in consent required before activation.

9.3 Your Choices & Consent

Upon your first visit, our website will present you with a cookie consent banner, where you can:

Accept all cookies — consent to the use of all categories listed above.
Reject non-essential cookies — only strictly necessary cookies will be set.
Customise your preferences — choose which categories of cookies you wish to allow.

You can change your cookie preferences at any time by visiting our Cookie Settings page or by adjusting the cookie settings in your web browser.

9.4 How to Opt Out

In addition to our cookie consent banner, you can manage cookies through:

Browser settings: most browsers allow you to block or delete cookies. Consult your browser's help section for instructions.
Google Analytics Opt-out: install the Google Analytics Opt-out Browser Add-on.
Meta (Facebook) Ad Preferences: adjust your settings at facebook.com/adpreferences.
Google Ads Settings: manage your preferences at adssettings.google.com.

Please note that disabling certain cookies may affect the functionality of our website.

10. Direct Marketing

We may use your personal information to send you direct marketing communications about our products, services, and promotions that we believe may be of interest to you. Our marketing practices are transparent, lawful, and fully compliant with the GDPR and the ePrivacy Directive.

Obtaining Consent

Opt-in consent: we will obtain your explicit opt-in consent before sending you direct marketing communications, as required by law. You will always have the opportunity to actively consent before receiving any promotional messages.
Unsubscribe option: every marketing communication includes clear instructions on how to unsubscribe. You can exercise your right to opt out at any time, and we will promptly honour your request.

Types of Direct Marketing Communications

We may use your personal information to send direct marketing communications via email. We do not engage in unsolicited telephone marketing or SMS campaigns.

Managing Your Preferences

You have full control over the communications you receive. You can manage your preferences by clicking the unsubscribe link in any email we send, or by contacting us directly at info@italiarefinement.com.

11. Your Rights Under the GDPR

Under the General Data Protection Regulation, you have a number of important rights with respect to your personal data. We are committed to making it easy for you to exercise them.

Right of Access (Art. 15)

You have the right to request confirmation as to whether we process your personal data and, if so, to obtain a copy of that data together with information about how it is being used.

Right to Rectification (Art. 16)

If any personal information we hold about you is incorrect or incomplete, you have the right to request its correction or completion without undue delay.

Right to Erasure — "Right to Be Forgotten" (Art. 17)

You have the right to request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, or in other circumstances specified by law.

Right to Restriction of Processing (Art. 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while we verify the accuracy of data you have contested.

Right to Data Portability (Art. 20)

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object (Art. 21)

You have the right to object to the processing of your personal data at any time, including processing for direct marketing purposes. Where you object, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right to Withdraw Consent (Art. 7(3))

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Right to Lodge a Complaint (Art. 77)

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. In Italy, the competent authority is the Garante per la Protezione dei Dati Personali (garanteprivacy.it).

How to Exercise Your Rights

To exercise any of these rights, please contact us at info@italiarefinement.com. We will respond within 30 days in accordance with applicable law. In some cases, we may need to verify your identity before processing your request.

12. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal information from a child under 16 without appropriate parental or guardian consent, we will take steps to delete that information as promptly as possible. If you believe that a child has provided us with personal data, please contact us at info@italiarefinement.com.

13. Data Breach Notification

We take proactive measures to safeguard your personal information. In the event of a personal data breach that poses a risk to your rights and freedoms, we follow clear procedures to identify, assess, and mitigate the impact, in full compliance with the GDPR.

Detection & Assessment

We employ robust security monitoring systems to detect potential breaches promptly. Upon discovery, we conduct a thorough assessment to determine the nature, scope, and potential impact of the breach.

Notification

Supervisory authority: where required by law, we will notify the competent data protection authority (the Garante per la Protezione dei Dati Personali) within 72 hours of becoming aware of the breach.
Affected individuals: if a breach poses a high risk to your rights and freedoms, we will notify you without undue delay, providing clear information about the breach, the data involved, and the steps you can take to protect yourself.

Support

In the event of a breach, we are committed to providing you with the guidance and support you need. If you have any questions or concerns, please contact us immediately at info@italiarefinement.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the revised policy on our website and updating the "Last updated" date at the top of this page. Where required by law, we will seek your consent before applying changes that affect the way we process your personal data.

We encourage you to review this page periodically to stay informed about how we protect your information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please do not hesitate to contact us: