PRIVACY POLICY
Last updated on 12 March 2026
Consent
By using our website, you hereby consent to our Privacy Policy and agree to its terms.
Information
Prep Investment Banking / WEPREP di Bracci Gianluigi
Website: prepinvestmentbanking.com
Controller: WEPREP di Bracci Gianluigi
Primary contact for privacy requests: admin@prepinvestmentbanking.com
Main processors/platforms: Wix, Thinkific, Stripe, PayPal
1. Data Controller
For the purposes of Regulation (EU) 2016/679 ("GDPR") and any other applicable data protection laws, the data controller for personal data collected through the website and the related services is WEPREP di Bracci Gianluigi, Via Pietro Tacchini 29, 00197 Rome, Italy, VAT No. 16748251002.
General contact details: bracci.gianluigi@gmail.com; PEC: prepib@pec.it; telephone: +39 340 8399244.
For privacy requests, including requests for access, rectification, deletion, restriction, objection, portability or withdrawal of consent where applicable, data subjects may write to admin@prepinvestmentbanking.com.
2. Scope of This Policy
This Privacy Policy explains how personal data is collected, used, stored, disclosed and otherwise processed when individuals visit the website prepinvestmentbanking.com, contact the business through website forms, subscribe to marketing communications, book calls or consultations, register for or access courses made available through Thinkific, and complete related purchases using external payment providers such as Stripe or PayPal.
This policy is intended to cover the main data processing activities connected with the public website, the course-delivery environment and the related customer communications. Where a service is provided through a third-party platform, the relevant third-party provider may also process personal data under its own privacy documentation and contractual terms.
3. Categories of Personal Data Processed
The business may process, depending on the specific interaction, identification data such as first name and surname; contact data such as email address and telephone number; the contents of messages submitted through the contact form or booking form; course registration and learner account data collected through Thinkific; transaction-related data needed to confirm enrolment or payment status; and technical or usage data generated by the website or the platforms used to provide the service.
In practical terms, the website contact forms collect name, surname, email address and the text voluntarily inserted by the user. The booking flow collects name, email address and phone number and may also record the user’s acceptance of applicable terms and conditions. The Thinkific course flow collects name, surname and email address and is connected to the payment flow operated by the relevant payment service provider.
4. Sources of Personal Data
Personal data is collected primarily directly from the data subject, for example when a person fills out a website form, books a call, subscribes to a newsletter, registers for a course, purchases a course, or otherwise communicates with the business.
Some information may also be generated automatically through the functioning of the website, the hosting environment, security systems, session management tools or platform features made available by Wix or Thinkific.
5. Purposes of Processing
The business processes personal data for one or more of the following purposes: to respond to enquiries and contact requests; to organise and manage consultation calls or booking requests; to allow users to register for and access online courses; to administer customer relationships; to manage payments and related administrative matters; to send newsletters, updates and marketing communications regarding the business’s own services; to comply with contractual, legal, accounting or tax obligations; to protect the business in the event of disputes or legal claims; and, in the case of corporate training engagements, to provide the relevant corporate client with appropriate reporting relating to the services delivered to its participants.
The business does not sell personal data to third parties and does not disclose personal data to third parties for their independent marketing purposes. Any sharing with service providers is limited to what is reasonably necessary for the operation of the website, the delivery of the courses, the completion of payments, the management of communications or compliance with law.
6. Legal Bases for Processing
Personal data may be processed on the basis of one or more legal grounds under Article 6 GDPR, depending on the processing activity involved.
Contact form, booking and enquiry management: processing is generally necessary in order to take steps at the request of the data subject prior to entering into a contract, and may also be based on the controller’s legitimate interest in managing communications and business enquiries.
Course registration, learner administration and service delivery: processing is generally necessary for the performance of a contract with the data subject.
Payment confirmation, invoicing, tax and accounting management: processing is generally necessary for contract performance and/or compliance with legal obligations.
Newsletters and direct marketing relating to the business’s own services: processing is carried out on the basis of consent where required by applicable law, and, where permitted, may also be based on legitimate interest in relation to existing customer relationships and similar services. In all cases, users can unsubscribe or object at any time.
Corporate reporting: where services are provided under a corporate arrangement, limited participant-related information may be shared with the relevant company for reporting and contract-management purposes on the basis of contractual necessity and/or the controller’s legitimate interest in managing the B2B relationship.
Defence of rights and prevention of misuse: processing may also be based on the controller’s legitimate interest in securing the services, preventing abuse and defending legal rights.
7. Nature of the Provision of Data
The provision of data requested in forms or enrolment flows and marked as necessary is required to allow the business to respond to the request, manage the booking, provide access to the course or process the relevant transaction. Failure to provide such data may make it impossible to provide the requested service.
Providing data for optional marketing communications is voluntary. A person who does not wish to receive newsletters or promotional messages is free not to subscribe or may unsubscribe at any time.
8. Recipients and Categories of Recipients
Personal data may be made available, on a need-to-know basis, to authorised persons acting under the authority of the controller, including collaborators who assist with administrative or operational activities, subject to confidentiality and appropriate instructions.
Personal data may also be processed by selected external providers that support the business in delivering the services, including in particular Wix for the website and associated site functionality, Thinkific for the course-delivery platform and learner management, Stripe and PayPal for payments, and other strictly necessary technical, administrative or legal service providers where applicable.
In the case of corporate clients, relevant participant-related data may be shared with the relevant corporate customer for reporting and performance-monitoring purposes where this is part of the underlying service arrangement.
9. Processors and Main External Platforms
Website and site infrastructure. The website is built on Wix. According to Wix’s GDPR documentation, the site owner is considered the controller of site visitors’ data, while Wix acts as a processor for that data and provides tools to help site owners manage GDPR-related obligations such as cookie banners, consent logs and visitor-data requests.
Course platform. Online courses are made available through Thinkific. Thinkific’s Data Processing Addendum states that, in relation to the relevant agreement personal data, the customer acts as controller and Thinkific acts as processor for the limited purpose of providing the contracted services.
Payment providers. Payments for courses may be processed by Stripe or PayPal, each under its own contractual and privacy documentation. The business does not itself process or store full payment-card data through the website or through Wix. Instead, the relevant payment provider processes payment data in its own systems, while the business may receive limited transaction-related information necessary to confirm the purchase or administer the service.
10. International Data Transfers
Because the business relies on international service providers such as Wix, Thinkific, Stripe and PayPal, personal data may be processed outside the European Economic Area or may be accessible from multiple jurisdictions depending on the provider’s infrastructure and service model.
Where international transfers occur, they are intended to take place subject to the safeguards and transfer mechanisms made available by the relevant providers under applicable data protection law, including, where relevant, standard contractual clauses or equivalent transfer mechanisms. Users should also refer to the privacy and data transfer documentation of the relevant third-party providers.
11. Data Retention
The business retains personal data only for as long as reasonably necessary for the purposes for which it was collected and thereafter only to the extent required for legal, regulatory, tax, accounting or evidentiary purposes.
As a general policy, website contact and booking data may be retained for up to five years from the last meaningful interaction; learner and customer data may be retained for the duration of the relationship and for a reasonable period thereafter to manage support, disputes, audits and legal obligations; accounting and transaction-related records may be retained for the period required by applicable law; and marketing data may be retained until consent is withdrawn, the user unsubscribes, objects to processing, or the data is no longer necessary for the purpose for which it was collected.
At the end of the applicable retention period, personal data will be deleted, anonymised or otherwise securely removed from active use, unless a further retention period is required or justified under law.
12. Data Subject Rights
Subject to the conditions and limitations established by applicable law, data subjects may exercise the following rights: the right of access to their personal data; the right to rectification of inaccurate or incomplete data; the right to erasure; the right to restriction of processing; the right to object to processing; the right to data portability where applicable; the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before the withdrawal; and the right to lodge a complaint with the competent supervisory authority.
Requests may be sent to admin@prepinvestmentbanking.com. The business aims to provide an initial response as promptly as possible and, where feasible, within five working days, without prejudice to the longer periods permitted by law where the request requires additional assessment or verification.
13. Marketing Communications
The business may send newsletters and commercial communications concerning its own services using Wix’s communication tools or other internal channels operated by the business. The business does not use personal data to market unrelated third-party products or services.
Every recipient remains free to opt out at any time by using the unsubscribe function where available or by sending a request to admin@prepinvestmentbanking.com. Any withdrawal of consent or objection to marketing will be respected prospectively.
14. Corporate Clients and Reporting
Where the business provides services to corporate clients, the business may communicate limited participant-related information to the relevant corporate customer in order to provide reporting concerning attendance, participation, course usage or service delivery, where such reporting is part of the relevant commercial arrangement.
In such cases, the business endeavours to limit the information shared to what is reasonably necessary for the specific reporting purpose and does not disclose participant data for unrelated purposes.
15. Security Measures
The business seeks to process personal data in a secure and proportionate manner and to apply measures designed to reduce the risk of unauthorised access, alteration, disclosure, misuse or loss.
Such measures include, where appropriate, limiting access to personal data to authorised persons only, relying on established external providers for core infrastructure and payment processing, using only the categories of data reasonably necessary for the relevant purpose, reviewing data retention over time, and managing access, correction and deletion requests through a dedicated contact channel.
At the website, course-platform and payment-infrastructure levels, the business relies in significant part on the technical and organisational measures implemented by Wix, Thinkific, Stripe and PayPal under their respective services and contractual frameworks. Nevertheless, the business remains responsible for the processing operations that fall within its own sphere of control and seeks to configure and use those services in a privacy-conscious manner.
16. Cookies and Similar Technologies
The website is built on Wix. Even where the business has not intentionally added third-party marketing trackers, the site may still use cookies or similar technologies that are technically necessary for essential website functionality, session management, security or embedded platform services.
The business does not currently intend to use unnecessary third-party advertising or analytics cookies beyond those required for the website and associated service functionality. To the extent non-essential cookies are or become active, they should be managed through an appropriate cookie banner or consent mechanism made available through the website configuration.
Users should note that Wix provides tools intended to support cookie disclosure and consent management, but the site owner remains responsible for choosing the configuration and ensuring that the website’s cookie practices match the public disclosures made to users.
17. Children and Minors
The services are not intended for minors, and the business does not knowingly collect personal data from children or underage users. If the business becomes aware that data has been submitted by a minor in circumstances where such processing should not occur, it will take reasonable steps to delete the relevant data and, where appropriate, discontinue the related account or service access.
Because online registration does not always make it possible to verify age in every circumstance, users are requested not to register for the services if they are underage and not entitled to do so under applicable law or without the required authorisation.
18. Complaints and Supervisory Authority
Without prejudice to any other administrative or judicial remedy, data subjects have the right to lodge a complaint with the competent data protection supervisory authority, including in Italy the Garante per la protezione dei dati personali, if they believe that the processing of their personal data infringes applicable law.
19. Third-Party Documentation
Where services are provided through or supported by third-party providers, users may also consult the relevant privacy and data protection documentation made available by such providers, including the applicable privacy policies, data processing terms and legal agreements of Wix, Thinkific, Stripe and PayPal. Those documents govern, among other things, how those providers process data within their own systems and under their own legal roles.
20. Changes to This Policy
The business may update this Privacy Policy from time to time in order to reflect operational, contractual, legal or regulatory developments. The updated version will be published on the website with the relevant update date. Where required by law, additional notice may be given.
Cookies we use in our site:
This website uses strictly necessary cookies and similar technologies for the purposes of ensuring the security, integrity, technical operation, rendering, stability and proper functioning of the website.
As the website is hosted on the Wix platform, certain strictly necessary cookies may be placed by Wix and/or its infrastructure providers in order to enable core website functions, maintain session security, prevent fraudulent or abusive activity, support page delivery and improve the technical resilience and performance of the website. These cookies may include, by way of example, cookies such as XSRF-TOKEN, hs, svSession, SSR-caching, TS* cookies, bSession and fedops.logger.sessionId.
Such cookies are used exclusively insofar as necessary to provide and secure the website and, where permitted under applicable law, do not require prior consent.
To the extent that any non-essential cookies or similar technologies (including analytics, functionality or marketing tools) are enabled on the website from time to time, they shall be subject to the user’s prior choice and managed through the cookie consent mechanism made available on the website, where required by applicable law.
Users may at any time manage or restrict cookies through their browser settings and, where available, through the cookie preference tools presented on the website. Please note, however, that disabling strictly necessary cookies may adversely affect the availability, security or proper functioning of all or part of the website.
For the avoidance of doubt, certain services promoted through this website may redirect users to third-party platforms, including Thinkific, for course access, sign-in or purchase. Any cookies, trackers or similar technologies used on such third-party platforms are deployed independently by the relevant third-party provider and are governed by that provider’s own privacy and cookie policies, for which we assume no responsibility.
