Cookies are short pieces of text (letters and/or numbers) that allow the web server to store information on the client (the browser, e.g., Internet Explorer, Chrome, Firefox, Opera…), to be reused during the same visit to the site (session cookies) or later, even days later (persistent cookies). Cookies are stored, according to user preferences, by the individual browser on the specific device used (computer, tablet, smartphone).
Similar technologies, such as web beacons, transparent GIFs, and all forms of local storage introduced with HTML5, can be used to collect information about user behavior and the use of services. A cookie cannot retrieve any other data from the user’s hard drive, transmit computer viruses, or acquire email addresses. Each cookie is unique to the user’s web browser. Some cookie functions may be delegated to other technologies. The term ‘cookies’ is used to refer to both cookies and all similar technologies.
Strictly necessary technical cookies: are essential for the proper functioning of a website and are used to manage various services related to websites (such as login or access to reserved functions on sites). The duration of these cookies is strictly limited to the work session or they may use a longer duration to remember the visitor’s choices. Disabling strictly necessary cookies may compromise the user experience and navigation of the website.
Analysis (analytics) and performance cookies: are used to collect and analyze traffic and usage of a website anonymously. While these cookies do not identify the user, they allow, for example, the detection of whether the same user reconnects at different times. They also enable monitoring of the system and improvement of its performance and usability. Disabling such cookies can be done without any loss of functionality and will be discussed in detail later.
Profiling cookies (not operational on this site): are permanent cookies used to identify user preferences (anonymously and non-anonymously) and enhance the browsing experience. For more information on these cookies not used by the website, we invite you to visit the dedicated section on the website www.garanteprivacy.it/cookie.
Purpose of processing and purposes of technical session cookies.
The Data Controller informs that the website operates exclusively with technical cookies (such as those listed above) that are necessary for navigating within the site. These cookies enable essential functions such as authentication, validation, management of a browsing session, and fraud prevention.
Third party cookies
When visiting a website, you may receive cookies from sites managed by other organizations (“third parties”) that may be located in Italy or abroad. An example present on most websites is the inclusion of YouTube videos, Google APIs, the use of Google Maps, and the use of “social plugins” for Facebook, Twitter, Google+, and LinkedIn. These are parts of the visited page generated directly by the mentioned sites and integrated into the hosting site’s page. The most common use of social plugins is aimed at sharing content on social networks to enhance the visitor’s user experience.
The presence of these plugins involves the transmission of cookies to and from all sites managed by third parties. The management of information collected by “third parties” is governed by their respective policies, which you are encouraged to refer to. To ensure greater transparency and convenience, below are the web addresses of various policies and information on how to manage cookies, specifying that the Data Controller is not responsible for the operation of third-party cookies on this site.
▪ Google information: on the use of data linked to the link: http://www.google.com/policies/technologies/cookies/ ed informativa completa al link http://support.google.com/analytics/answer/6004245
▪ Google (configuration): the guide on general out-out for Google services (Maps, YouTube…) is available at the web address: http://support.google.com/accounts/answer/61416?hl=it
▪ Facebook information: https://www.facebook.com/help/cookies/ e https://it-it.facebook.com/about/privacy/cookies
▪ Facebook (configuration): log in to your account. Privacy section. Or follow the various guides on the web for example: https://support.mozilla.org/en-US/kb/disable-third-party-cookies
▪ Twitter information: https://support.twitter.com/articles/20170514
▪ Twitter (configuration): https://twitter.com/settings/security e https://support.twitter.com/articles/20170519-uso-dei-cookie-e-di-altre-tecnologie-simili-da-parte-di-twitter
▪ Linkedin information: https://www.linkedin.com/legal/cookie-policy
▪ Linkedin (configuration): https://www.linkedin.com/settings/
▪ Google+ information: http://www.google.it/intl/it/policies/technologies/cookies/
▪ Google+ (configuration): http://www.google.it/intl/it/policies/technologies/managing/
Analysis cookies (Analytics)
As clarified by the General Provision of the Privacy Guarantor on Cookies on May 8, 2014, analytics cookies are assimilated to technical cookies when directly used by the site owner to collect aggregated information about the number of users and how they visit the site. The functionalities and purposes of processing on this site align precisely with these specifications.
It is possible to opt-out by visiting the website http://tools.google.com/dlpage/gaoptout?hl=en. Additionally, you can deny consent and block third-party cookies through browser plugins. To do this, search on Google for “block and delete third-party cookies,” and you will find numerous guides that vary depending on the operating system and browser used.
Responsibility for the operation of Third Party Cookies
The text refers to the General Provision of the Privacy Guarantor on Cookies dated May 8, 2014, which highlights several reasons why it is not feasible to impose on the publisher the obligation to provide information and obtain consent for the installation of cookies on their site, including those installed by third parties. The challenges arise from the publisher’s need to constantly have the tools and economic-legal capacity to manage the obligations of third parties, ensuring alignment between third-party declarations and their actual cookie-related purposes. This is made difficult by the fact that the publisher often doesn’t directly know all third parties installing cookies through their site, including the underlying logic of their treatments. Additionally, intermediaries often exist between the publisher and third parties, making it complex for the publisher to control the activities of all involved parties. Furthermore, third-party cookies might be modified over time by third-party providers, making it impractical to ask publishers to keep track of these subsequent changes.
As indicated by the Privacy Guarantor, the current website doesn’t have the ability to control third-party cookies, especially when utilizing third-party services (YouTube, Google Maps, “social buttons”), for which third parties bear exclusive responsibility. Additionally, the user is reminded of the option to delete and block the operation of cookies at any time, using browser plugins and adjusting settings, as outlined in various browser manuals.
Mandatory or optional nature of consent for the operation of cookies that do not pursue marketing purposes.
It is not mandatory to obtain consent for the operation of only technical cookies or third-party cookies or analytical cookies assimilated to technical cookies. However, their deactivation and/or refusal to operate will result in the impossibility of proper navigation on the website and/or the inability to enjoy the services, pages, features, or content available therein.
Exercise of rights by the interested party.
In accordance with Articles 13, paragraph 2, letters (b) and (d), and from 15 to 22 of the Regulation, the data subject is informed that:
The exercise of rights is not subject to any formal constraints and is free of charge. Only in the case of a request for additional copies of data by the data subject, the Data Controller may charge a reasonable administrative fee based on the costs incurred. If the data subject submits the request electronically, and unless otherwise specified by the data subject, the information is provided in a commonly used electronic format. No further formalities are required. The response will be provided within the timeframes set out in Article 12, paragraph 3 of the Regulation (“The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject”).
In accordance with the Guidelines on Transparency (WP 260/2017) issued by the EU Data Protection Authorities, in outlining the data subject’s rights, the data controller must provide a summary of each right and provide separate information on the right to data portability.
Specific information on the right to portability of personal data.
The Data Controller informs the data subject about the specific right to data portability. Article 20 of the General Data Protection Regulation introduces the new right to data portability. This right allows the data subject to receive the personal data provided to the Data Controller in a structured, commonly used, and machine-readable format and, under certain conditions, to transmit them to another data controller without hindrance.
Only personal data that (a) pertains to the data subject and (b) has been provided by the data subject to the Data Controller based on consent; (c) is processed electronically as part of entering into a contract is portable.
As the processing is not based on either consent or a contract, the right to data portability does not apply in this case.
Summary information on the other rights of the interested party.
The Regulation grants the data subject a set of rights, which, according to the Transparency Guidelines WP 260, must be summarily outlined in their main content within the information notice. Below are summarized and synthesized these rights:
Right of Access (to one’s own personal data): The right to obtain confirmation from the data controller as to whether or not personal data concerning the data subject is being processed and, if so, the right to access the personal data and be informed about the purposes of the processing; the categories of personal data involved; the recipients or categories of recipients to whom the personal data has been or will be disclosed, especially if recipients in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; if the data was not collected from the data subject, the right to receive all available information about its source; the right to be informed of the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Right to Rectification and Integration: The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning them without undue delay. Considering the purposes of the processing, the data subject has the right to have incomplete personal data completed, even by providing a supplementary statement. The data controller communicates any rectifications to each recipient to whom the personal data has been transmitted, unless this proves impossible or involves a disproportionate effort. The data controller informs the data subject about these recipients if requested by the data subject.
Right to Erasure: The data subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay (and unless the specific reasons under Article 17(3) of the Regulation exist, which relieve the controller from the obligation of erasure) if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; or if the data subject withdraws consent, and there is no other legal ground for the processing; or if the data subject objects to the processing for marketing or profiling purposes, including withdrawing consent; if the personal data has been unlawfully processed or relates to information collected from minors in violation of Article 8 of the Regulation. The data controller communicates any erasures to each recipient to whom the personal data has been transmitted unless this proves impossible or involves a disproportionate effort. The data controller informs the data subject about these recipients if requested by the data subject.
Right to Restriction of Processing: The data subject has the right to obtain from the data controller the restriction of processing (i.e., according to the definition of “restriction of processing” provided by Article 4 of the Regulation: “the marking of stored personal data with the aim of limiting their processing in the future”) in the following cases: the data subject contests the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; the processing is unlawful, and the data subject opposes the erasure of the personal data and instead requests the restriction of its use; although the data controller no longer needs it for processing purposes, the personal data is necessary for the data subject to establish, exercise, or defend a legal claim; the data subject has objected to processing for marketing purposes, pending the verification regarding the possible prevalence of the legitimate reasons of the data controller over those of the data subject. If processing is restricted, such personal data is processed, except for storage, only with the consent of the data subject or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of significant public interest. The data subject who has obtained the restriction of processing is informed by the data controller before such restriction is lifted. The data controller communicates any restrictions to each recipient to whom the personal data has been transmitted, unless this proves impossible or involves a disproportionate effort. The data controller informs the data subject about these recipients if requested by the data subject.
Right to Object: The data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them carried out by the data controller for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller or for the purposes of the legitimate interests pursued by the data controller or by third parties (including profiling). Additionally, the data subject, if personal data is processed for direct marketing purposes or commercial profiling, has the right to object at any time to the processing of personal data concerning them for such purposes.
Right Not to be Subject to Automated Decision-Making, Including Profiling: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, except where the automated decision-making is necessary for the conclusion or performance of a contract between the data subject and a data controller; is authorized by law, subject to appropriate safeguards and measures; or is based on the explicit consent of the data subject.