Following the latest Guidelines for Cookies and other tracking tools, as issued on 10th June 2021 by the Italian Data Protection Authority and which is available at the following address Cookies and other tracking tools guidelines – 10th June 2021… – Italian Data Protection Authority (gpdp.it) and in full compliance with EU Regulation n. 2016/679, the Data Controller hereinafter provides those browsing on this website with a general overview of what is to follow in further detail in the form of tables provided under point 4, with regards to cookies and other tracking and identification tools used specifically on this present website.
A cookie is a small file downloaded from a website onto the user’s hard disk and which specifically takes the form of text strings that a particular website (the so-called “Publisher” or “first parties”) visited by the user stores and archives – directly, in the case of a Publisher, or indirectly, that is via the visited site, in the case of “third parties” – onto a terminal device available to said user.
This way, cookies are able to unequivocally identify the user’s browser or give access to information about the user’s terminal. As reminded by the Italian Data Protection Authority in the guidelines issued in June 2021 “… The terminals referenced include, for example, computers, tablets, smartphones, and any other kind of device capable of storing information … among these we should also include so-called IoT devices (Internet of Things) …”.
Cookies do not damage computers nor do they contain viruses. Cookies’ primary function is to streamline web traffic analysis or notify when a specific website is visited while also allowing web applications to send information to individual users.
Why are cookies used?
Cookies are necessary in order for the website to function correctly (technical cookies), while optimising website performance in order to give users the best experience possible while using the site in question (so-called navigational cookies). Cookies allow users to enjoy the most simplified and fluid experience while browsing on the website since, each time they visit the website in question, they will no longer be required to insert or receive the same data. Cookies are therefore capable of carrying out important and diverse functions, including session monitoring, memorising specific information concerning users accessing the server, streamlining the use of online content, etc. (for example, cookies may be used to keep track of items in a virtual shopping basket when shopping online or to save information provided to fill out an online form). Generally speaking, the Data Protection Authority would also like to remind users that a number of purposes for which cookies are used may also be achieved through the use of other instruments such as “tracking tools” while “passive identifiers” simply require the user’s observation to allow similar goals to be achieved to those for which cookies are otherwise applied. “Passive” tools may also include, for example: fingerprinting. Information coded onto a cookie may include personal data, such as a username, a similar identifying piece of data or an e-mail address, an IP address, however cookies may also contain data that is not personal such as language settings or information concerning the type of device with which the user is accessing the website in question.
This website only uses the types of Cookies described in the table provided under Point 4.
2. Types of cookies and methods of classification
Cookies may be classified on the basis of their life cycle:
Session cookies: session cookies are stored on the device used during a website session, i.e. when a user accesses the website in question, and are removed once the user leaves said website and closes their browser. A cookie of this nature is saved on the computer’s temporary memory. Session cookies allow websites to follow a user as they browse through the pages of the same website.
Websites are not equipped with their own memory system. This is why cookies are used.
An easy way to imagine how cookies work is to picture them as keys. Once your device has stored a key to a website, that same website will allow your device immediate access for future visits instead of treating you like a new user every time you access the website.
This type of cookie is not stored permanently on the user’s device and is deleted as soon as the device’s browser is closed.
Persistent cookies: persistent cookies are stored on a device for a longer period of time than that of session cookies. They are deleted once a specific amount of time has passed or when users delete them themselves. This means that, for the entire duration of the cookie’s life span, its data will be transmitted to the server in question every time the user accesses the relative website, or every time the user accesses a resource that belongs to that website or another (such as, for example, an advertisement).
Since this type of cookie persists on the user’s device for a longer period of time than that of session cookies, persistent cookies may be used for multiple purposes such as memorising access credentials, remembering a user’s preferences or settings. Persistent cookies are primarily used to monitor visitors when they are browsing through a website in order to “see” what they like and improve their visiting experience.
Cookies can also be classified based on their provenance:
First-party cookies (that is, cookies issued directly by the Data Controller): these are cookies that are sent to the user’s browser by the visited website directly and are managed equally directly by the owner and/or those responsible for the website.
Third-party cookies (that is, cookies issued directly by third parties who offer services aimed at correctly managing the website in question): third-party cookies belong to domains that are different from the one indicated in the address bar. These particular cookies tend to appear when web pages feature content from other websites, such as advertisements. This implies the possibility of monitoring a user’s browsing history and is often used by advertisers in order to offer advertisements that are customised and relevant to each specific user.
A further classification can be made on the basis of a cookie’s use or purpose of use:
Technical cookies are used for browsing (in so much as they are functionally necessary for the webpage in question to work, for its contents to be viewed and for its services to be provided), for streamlining access and allowing the user to make the most of the website.
Statistics cookies are used by the website owner directly in order to optimise the site itself, allowing the owner to gather aggregated information regarding the number of users and how they interact with the website.
Preference cookies (also known as Functionality cookies) are cookies that encourage a more effective use of the website in question by the user and allow for a more personalised browsing experience.
Marketing and profiling cookies (ad cookies) are used in order to compile a browsing “profile” of a user and in turn show them advertisements that are in line with their behavioural patterns and online interests.
Social network cookies allow social networks, such as Facebook, to identify their users and gather information while they browse on other sites.
3. Other tracking tools and technical identifiers
The Italian Data Protection Authority provides an in-depth analysis with regards to this matter in their GUIDELINES ON COOKIES AND OTHER TRACKING TOOLS – EXECUTIVE SUMMARY.pdf which provides a table summarising their cookie and other tracking tools guidelines. It is important that in relation to this the Data Controller reminds users that tracking tools may have various characteristics depending on their duration (session tools or permanent tools) or depending on their provenance (based on whether the publisher acts independently or on behalf of a “third party”). Identifiers can also be categorised on the basis of various factors, the primary of which is the purpose for which they are used: such identifiers may be “technical” or “non-technical”, where the latter is to be understood as broader category, since the current laws and regulations aimed at protecting the confidentiality of digital communications and information of a personal nature delineate a legal framework that, in general, prohibits the processing of data subjects’ information, with the specific exception of rigorously defined cases, which are not susceptible to an analogous extension.
Under Point 4, the Data Controller, in compliance with the above-mentioned guidelines, will provide a table underlining the tracking systems and technical identifiers that are present on the website you are currently visiting.
4. Table of cookies, tracking tools and technical identifiers
The table below and following points are aimed at providing the user, as a data subject, with a complete and thorough descriptive framework in compliance with the requirements of art. 13, GDPR, and with the Italian Data Protection Authority’s relevant guidelines.
It is possible to refuse all cookies except for those that are required in order for the website to function correctly.
We would also remind you that operational cookies may be disabled with the user’s consent (legal basis: consent) by clicking on ‘Rifiuta’.
It remains agreed that, should the user decide to change their mind and revoke their expressly given consent.
5. The User’s rights and how to exercise them
The rights that may be exercised by a data subject in accordance to GDPR are as follows:
art. 15 – right of access: the data subject/user shall have the right to know what personal data of theirs is being processed by the Data Controller along with the purposes, conservation periods and methods of said data processing.
art. 16 – right to rectification: the data subject/user shall have the right to verify the accuracy of their own data and request any change/addition as required.
art. 17 – right to erasure: the data subject/user shall have the right to request the removal of their data should certain conditions arise, such as, for example, a piece of personal data is no longer necessary in view of the purposes for which it was initially collected.
It is within our rights to refuse a request to remove data (in accordance with art. 17 GDPR) for any of the following reasons:
- to exercise the right to free expression and information;
- to obey the law or carry out a duty of public interest or exercise an act of official authority;
- for public health reasons of public interest;
- for reasons tied to archiving, research or statistics;
- to exercise or defend a legal right.
art. 18 – right to restriction of processing: the data subject/user shall have the right to request the restriction of the processing of their data in the case of specific conditions, such as, for example, if the according to the data subject the piece of data in question was collected for the purpose in question illegally.
art. 20 – right to data portability, the data subject/user shall have the right to receive their data in a structured, commonly used and machine readable format and, where technically possible, obtain the transfer of said data without hinderance by the current Controller to another Data Controller when said data is processed using automated tools and the processing is based on the User’s consent given via a contract in which the User is a contractual party or via contractual measures connected to a similar contract.
art. 21 – right to object: the data subject/user shall have the right to object to the processing of their personal data when said processing is carried out on a legal basis that is not the data subject’s given consent, for reasons relating to their specific situation; when, on the other hand, the legal basis is indeed that of the data subject/user’s given consent, the latter may at any time object to said processing however the processing up until that point will remain legal.
art. 22 – automated individual decision-making, including profiling: without prejudice to specific expressed exceptions provided by the law, the data subject/user shall have the right to not be subjected to decision-making processes that rely exclusively on automated processing, including profiling, that can produce legal effects on them or equally significant effects.
In order to exercise any of the above-listed rights or if you would like to receive any further information, simply send an e-mail to firstname.lastname@example.org indicating in the subject line “cookies policy: esercizio dei diritti ex GDPR” (“cookies policy: exercising GDPR rights”) and writing in the body of the e-mail the right which you would like to exercise and, if necessary, the e-mail address on which you would prefer to receive the relative reply.
The Data Controller will reply with regards to exercising said rights within the timeframes provided in art. 12 paragraph 3 GDPR. We would remind you that it is your prerogative to make a claim to the competent authority (in this case the Italian Data Protection Authority: www.garanteprivacy.it)
6. Data breach: Should the Data Controller suffer a personal data breach as defined in articles 33/34 and which implies a risk to the rights and freedom of an individual (data breach), the former will act – where possible – to notify the Data Protection Authority of the event and also notify the data subjects concerned.
7. The Data Controller also informs you that, should they intend to process your personal data for purposes that differ from those for which said data was initially collected, prior to enacting such processing the Controller will provide the data subject in question with information relating to the new purposes and any other relevant information, gathering, should the subject be willing, their consent as required.