- Who is the data “controller” (i.e. who decides the purposes and methods of processing) and how can I contact them?
The data controller is Inticom S.p.a., tax code and VAT number 02649140122, with registered office and headquarters in Via Carlo Noè 22, 21013 – Gallarate (VA), email address firstname.lastname@example.org, certified email address email@example.com (hereinafter, the “Company”).
- How can I contact the “Data Protection Officer” (“DPO”)?
The DPO can be contacted at the email address firstname.lastname@example.org.
- What personal data are processed?
- Browsing data
During their normal functioning, the computer systems and software procedures used to operate this website acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but given its nature could allow users to be identified through processing and association with data held by third parties. This category of data includes the IP addresses or domain names of computers used by users connecting to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the response status provided by the server (successful, error, etc.) and other parameters relating to the users’ operating system and IT environment.
These data can be processed:
- to allow and monitor the correct functioning of the Site, carry out maintenance activities;
- to obtain anonymous statistical information on use of the Site;
- to ascertain any liability in the event of hypothetical computer crimes against the Site and, therefore, to exercise and/or defend the Company’s rights in court.
- Data provided voluntarily by users
In order to use certain services, it is necessary to provide personal data. In this regard, please refer to the specific notice provided at the time of collection pursuant to Article 13 of the GDPR.
What are cookies?
Cookies are small text files created by the web server on the users’ device when they access a specific site for the purpose of storing and transporting information.
Cookies are sent by the web server to the users’ device (usually the browser) and stored so that the device can be recognised on each subsequent visit. Cookies are then sent back from the users’ device to the site on each subsequent visit.
First-party and third-party cookies
Cookies can be installed by the owner of the site visited by the user (first-party cookies) or by a different site, which installs cookies through the first site (third-party cookies) and is able to recognise them. This happens when the site contains elements that reside on servers other than that of the site visited (images, maps, sounds, links to web pages of other domains, etc.).
Pursuant to the provisions of the Italian Data Protection Authority’s Decision , any third parties that install cookies must meet disclosure and, where required, consent obligations. The site owner, as the technical intermediary between third parties and users, is required to include updated links to the notices and consent forms of the third party in its extended notice.
Technical, analytical and profiling cookies
Based on their purpose, cookies are divided into technical cookies and profiling cookies.
Technical cookies are installed for the sole purpose of “the transmission of a communication over an electronics communications network, or to the extent necessary for an information service provider to provide the service expressly requested by a subscriber or user” (Article 122 (1) of Italian Legislative Decree 196/2003, hereinafter, the “Italian Privacy Code”).
They are normally used to allow efficient browsing between pages, store user preferences, store information on specific user configurations, authenticate users, etc.
Technical cookies can be divided into session cookies, used to record data useful for normal browsing and use of the website on the users’ computer (for example, making it possible to remember the preferred page size in a list) and functional cookies, which allow the website to remember the choices made by the user to optimise its functionality (for example, functional cookies allow the site to remember specific user settings such as country selection and, if set, permanent login status).
Some of these cookies (considered strictly necessary) enable functions without which is it impossible to carry out certain operations.
Pursuant to the aforementioned Article 122 (1) of the Italian Privacy Code, the use of technical cookies does not require user consent but only requires the obligation to inform users.
According to the Italian Data Protection Authority’s Decision , analytics cookies are assimilated to technical cookies and therefore user consent is not required for their installation where:
- created and used directly by the first-party site (without the intervention of third parties) for the purpose of optimising the site to collect aggregate information on the number of users and how they visit the site, or
- created and made available by third parties if:
- used by the first-party site for statistical purposes only, provided that minimisation measures are adopted to reduce their identifying power (for example, by masking suitable portions of the IP address) and used solely for the production of aggregate statistics and in relation, as a rule, to a single site or single mobile application, such as to prevent tracking of the navigation of a person who uses different applications or browses different websites;
- the third parties, which provide web measurement services to the site, do not combine, enrich or cross-reference the data, even as minimised above, with other information available to such third parties (e.g. customer files or statistics of visits to other sites) or transmit them to other third parties.
Profiling cookies, on the other hand, are used to track user browsing, to analyse users’ behaviour for marketing purposes and to create profiles based on their tastes, habits, choices, etc. in order to transmit targeted advertising messages in relation to the users’ interests and in line with the preferences expressed when browsing online.
These cookies can only be installed on the users’ terminal if they have given consent.
Persistent and session cookies
Based on their duration, cookies are divided into persistent cookies, which are stored on the users’ device until their expiration unless removed by the user, and session cookies, which are not stored permanently on the users’ device and disappear when the browser is closed.
Cookies used by the Company
They are therefore classified as “technical cookies”, as specified in the table below.
|Cookie name||First or third party||Description||Duration|
|CookieScriptConsent||CookieScript||This cookie is used by the Cookie-Script.com service to remember visitors' cookie consent preferences.||1 months|
|PHPSESSID||PHP.net||Cookie generated by applications based on PHP language. It is a generic identifier used to maintain user session variables and user login status across different pages.||1 years|
|__cf_bm||Cloudflare Inc.||Used to distinguish between humans and bots.||30 minutes|
This type of cookie cannot be disabled and, as mentioned above, prior user consent is not required for their installation, pursuant to Article 122 of the Italian Privacy Code.
Anonymous analytical cookies
The Company also uses Google Analytics, a web analysis service provided by Google Inc. to identify which pages are viewed the most by visitors to the site, how long they stayed on the site and their geographic area of origin. For more details and information, please visit the following link: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008 .
Users can selectively disable Google Analytics by installing the specific component provided by Google on their browser (by downloading a specific browser plug-in available at the this link: https://tools.google.com/dlpage/gaoptout?hl=en).
The analytical cookies used by the Company are specified in the table below:
|Cookie name||First or third party||Description||Duration|
|_ga_1X2LSVYQN5||yamamay.com||This cookie is used by Google Analytics to persist session state.||2 years|
|_ga||yamamay.com||This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.||2 years|
As mentioned above, for this type of cookie prior user consent is not required, pursuant to Article 122 of the Italian Privacy Code.
- Browser settings
In any case, users can express their own cookie preferences through the settings of the browser used. Even if the browser used is set to automatically accept cookies, users can change the default configuration through the settings menu, deleting and/or removing all or some cookies, blocking the sending of cookies or limiting it to certain sites. Disabling, blocking or deleting cookies may compromise the optimal use of certain areas of the Site or prevent certain features of the same, or affect the functioning of third-party services. Links to cookie management guides for the main browsers are provided below:
For any browsers not listed above, please consult the specific browser guide to find out how to manage cookies.
- Links to social networking services
The Site contains links to social networks via social plugins that do not automatically install proofing cookies. The collection and use of information by the owners of these services are governed by the respective privacy policies to which reference should be made.
- Who is my data disclosed to?
Your data may also be processed, on behalf of the Company, by third parties appointed as processors pursuant to Article 28 of the GDPR, as natural and/or legal persons who carry out activities functional to the pursuit of the aforementioned purposes (e.g. service providers for the management of the Site, such as system outsourcers, companies providing internet connectivity services, consultancy firms).
Your data may also be disclosed to independent data controllers, such as supervisory and control authorities entitled to request/receive data, as well as to any third party providers (or vendors) indicated in the tables above listing the cookies used, which also contain links to the related notices.
Your data is processed by Company employees – belonging to the corporate functions responsible for pursuing the aforementioned purposes – who are expressly authorised to process the data and have received adequate operating instructions.
- Transfer of personal data to non-EU countries
Your data may be transferred to organisations established in countries outside the EU and the EEA, and in the USA in particular. In this case, the standard data protection clauses adopted by the European Commission pursuant to point (c) of Article 46(2) of the GDPR are used as appropriate safeguards, with the possible application of “additional measures” aimed at guaranteeing a level of protection substantially equivalent to that required by EU law.
For more information, please refer to the links to the notices of the vendors who install the cookies indicated in the tables above.
- Rights of the data subject
Data subjects can exercise the rights set forth in Articles 15-22 of the GDPR in relation to the Company, and more specifically:
- request access to data concerning them and the information pursuant to Article 15 (the purposes of the processing, the categories of personal data concerned, etc.) disclosed with this policy;
- obtain the erasure of personal data pursuant to Article 17 if the Company no longer has the right to process them1;
- obtain the rectification of inaccurate personal data or have incomplete personal data completed;
- obtain restriction of the processing (i.e. temporarily making the data available for storage only) in the cases provided for by Article 18 of the GDPR2;
- object, on grounds relating to their particular situation, at any time to processing carried out on the basis of the legitimate interest of the controller; easily and free or charge;
- receive the personal data concerning them a structured, commonly used and machine-readable format and, where technically feasible, transmit those data to another controller without hindrance, where the processing is based on consent or on a contract and the processing is carried out by automated means.
To exercise these rights, data subjects may contact the Company at any time by sending a request to the address indicated in Section 1.
Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority or in any case with the competent supervisory authority in the Member State in which they usually reside or work, or in the State in which the alleged violation occurred.
1 In particular, data subjects have the right to obtain the erasure of personal data concerning them where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1) or point (a) of Article 9 (2), and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1).
2 Data subjects have the right to obtain restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Article 21 (1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.