Dear User,
In response to the new guidelines for cookies and other tracking tools emanated on 10 June 2021 by the Italian data processing authority, the ’Autorità Garante which may be viewed at the following address: Linee guida cookie e altri strumenti di tracciamento – 10 giugno 2021… – Garante Privacy (gpdp.it), and in conformity with the requirements of European Regulation 2016/679, the Data Controller hereby provides site browsers with the following information, in general and in detail through the table appearing in point 4 below, regarding cookies and other tracking and technical identification tools specifically used on the site you are browsing.
1. Cookies
A cookie is a small text file that is deposited by a website on the user’s hard disk, which, in detail, contains the strings of text that websites (referred to as Publishers or “first parties”) visited by the user, or different websites or web servers (referred to as “third parties”) position and file on the user’s terminal – directly, in the case of publishers, and indirectly, that is, through Publishers, in the case of “third parties”.
Cookies thus uniquely identify the browser or permit access to information on the user’s device. According to the Authority’s June 2021 order, “… The devices referred to are, for example, a computer, tablet, smartphone, or any other device capable of storing information… including IoT (Internet of Things) devices…”.
Cookies do not damage your computer and contain no viruses. Cookies are used to speed up web traffic analysis, to communicate when a specific website is visited, and to allow web applications to send information to individual users.
Why are cookies used?
Cookies are necessary for the operation of the website (technical cookies) in order to optimise performance and provide a better browsing experience (referred to as browsing cookies). Cookies are used to provide Users with a browsing experience that is as fluid and simple as possible, so that they will not need to receive or enter the same information all over again every time they visit the site. Cookies can therefore play an important role and perform a number of functions, including monitoring of sessions, memorisation of information on specific configurations regarding users who access the server, making it easier to use online content, etc. (they may, for example, be used to keep track of the articles in an online shopping cart, or the information entered when filling in a form). The Authority notes that, generally speaking, some of the results achieved through use of cookies can also be achieved using other tools, such as “tracking tools” or “passive identifiers” which merely observe the User, permitting forms of data processing similar to those of cookies. These “passive” tools include fingerprinting, for example. The information codified in cookies may include personal data, such as a username, unique identifier or e-mail address, or an IP address, but they may also contain data that is not personal, such as language settings or information on the type of device a person is using to browse the site.
This site uses only the Cookies listed in the table appearing under point 4 below.
2. Cookie types and classification methods.
Cookies may be classified on the basis of their life cycle, as follows:
Session cookies: session cookies are placed on the computer during a session visiting a website and are removed when the user leaves the site and closes the browser. These cookies are stored in the computer’s temporary memory. Session cookies allow a website to follow you as a user progressing through the website from one page to another.
Websites do not have their own memory, but use cookies to do this.
These cookies may be thought of as keys. When your computer already has the key, the website can let you in immediately, rather than treating you as a new visitor every time you view the page.
Cookies of this type are not permanently stored on the user’s device, but deleted when the browser is closed.
Persistent cookies: persistent cookies are stored on your computer for a longer time period. They are removed only when the cookies expire or the user removes them. This means that, for the cookies’ entire lifespan, the information they contain will be sent to the server every time the user visits the website, or every time the user views a resource belonging to the website from another site (such as an advertisement).
This means that cookies of this type remain on the user’s PC for a longer time period than session cookies; persistent cookies may be used for a number of purposes, such as memorising log-on information and remembering your preferences or settings. Persistent cookies are primarily used to monitor visitors who are browsing a website to “see” what the visitor likes and improve his or her user experience.
Cookies may be classified on the basis of origin, as follows:
First-party cookies (issued directly by the Data Controller): these are cookies sent to the browser directly by the website the user is visiting and managed directly by the site's owner or manager.
Third-party cookies (issued directly by third parties offering services of use for correct use of the site): third-party cookies belong to domains other than the one appearing in the address bar. Cookies of this type normally appear when web pages have content from external websites, such as advertising banners. They permit monitoring of the user’s browsing history, and are often used by advertisers in an attempt to provide relevant advertising customised to the individual user.
On the basis of use/purpose of use:
Technical cookies: useful for browsing (in that they are functionally necessary to browse through the page, consult its content, or provide a service) and facilitating the user’s access to and use of the site.
Statistical cookies: used for optimisation of the website directly by its owner, who may collect information in aggregate form regarding the number of users and how they visit the site.
Cookies for memorising preferences: (also referred to as functional cookies) are cookies of use for promoting effective use of the website by the user and favouring a customised browsing experience.
Marketing and profiling cookies (advertising cookies): these cookies are used to come up with a browsing “profile” for the user, so as to suggest advertising messages in line with the user’s behaviour and interests on the internet.
Social network cookies: these cookies allow social networks such as Facebook to identify their users and collect information even when they are browsing other sites.
3. Other tracking tools and technical identifiers
On the web page LINEE GUIDA COOKIE E ALTRI STRUMENTI DI TRACCIAMENTO – SCHEDA DI SINTESI.pdf (Guidelines for Cookies and other Tracking Tools - Brief Information Sheet), the Authority addresses the issue in an information sheet about its guidelines for cookies and other tracking tools. The Data Controller reminds users that tracking tools may have different time features and therefore be classified on the basis of duration (session or permanent), or in terms of their subject (depending whether the publisher acts independently or on behalf of a “third party”). Identifiers may be catalogued on the basis of different criteria, in which the key principle continues to be purpose for which they are used: “technical” or “non-technical” purposes. Non-technical purposes are defined in the broadest sense, as the current legislation, protecting the confidentiality of electronic communications and information of a personal nature, is formulated on the basis of an overall prohibition of processing of data subjects’ data, with the exception of a few strictly defined exceptions which cannot be extended analogically.
In point 4 below, the Data Controller, in compliance with the legislation referred to, uses the table to identify the tracking systems and technical identifiers, if any, present on the website you are browsing.
4. Schematic table of cookies, tracking tools and technical identifiers
5. What are your rights, and how can you exercise them?
The GDPR acknowledges the following rights of data subjects:
art. 15 – right to access, meaning that the data subject/user is entitled to obtain information on the personal data on him or her processed by the Data Controller, the purposes of processing, the amount of time for which the data will be stored and the methods by which it will be processed.
art. 16 – right to rectification, that is, the data subject/user is entitled to determine that the data on him or her is correct and to request changes or additions.
art. 17 – right to deletion, that is, the data subject/user may request deletion of his or her data in the presence of certain conditions, such as, for example, personal data that is no longer necessary for the purposes for which it was collected.
We are entitled to refuse to satisfy your request for deletion (under art 17 GDPR) for one of the following reasons:
– to exercise the right to freedom of expression and information;
– to comply with obligations under the law, perform an act in the public interest or exercise official authority;
– for reasons of public health, in the public interest;
– for purposes of record-keeping, research or statistics;
– to exercise or defend a legal right.
art. 18 – right to limitation of treatment, that is, the data subject/user may request restriction of the data processing that may be performed on his or her data in the presence of certain conditions, such as, for example, if the data subject believes the data has been unlawfully acquired for the specific purpose for which it is being used.
art. 20 – right to data portability, that is, the user/data subject is entitled to receive his or her data in a structured form in common use which is legible on an automated device and, where technically feasible, to obtain unhindered transfer thereof to another data controller if the data is processed using automated tools and the processing is based on the User’s consent, on a contract to which the User is a party, or on contractual measures related thereto
art. 21 – the right to objection, meaning that the user/data subject is entitled to object to data processing if it takes place on a legal basis other than consent, for reasons connected with the particular situation; if, on the other hand, the legal basis is consent, the data subject/user may object to data processing at any time, but the data processing performed until that time remains lawful.
art. 22 – Automated decision-making process regarding physical persons, including profiling: with specific exceptions expressly permitted by the law, the data subject/user is entitled not to be subject to decision-making based solely on automated processing, including profiling, producing legal effects which affect the user or have a significant impact on his or her person.
To exercise the rights listed above or to obtain more information on the processing of your personal data, simply email info@assocalzaturifici.it, stating the wording “Cookie Policy: Exercising of rights under the GDPR” in the subject line and specifying the right that you wish to exercise in the body of the email, along with the email address where you wish to receive the reply.
The Data Controller will respond regarding the exercise of your rights by the deadlines specified in art 12, paragraph 3 of the GDPR.
We remind you of your right to lodge a complaint with a supervisory authority (Autorità Garante per la protezione dei dati personali, www.garanteprivacy.it)
6. Data breach: If the Data Controller should suffer a violation of the type described in articles 33 and 34 L involving a risk to the rights and freedoms of individuals (a data breach), the Data Controller will, if necessary, notify the Authority and inform all data subjects of the breach.
7. Should the Controller intend to process personal data for a purpose other than that for which it was collected, the data subject will be informed in advance of this new purpose and all other pertinent information, and the Controller must obtain his or her explicit consent.