Cookie Policy
With respect to data processed through the use of cookies and other tracking tools on this site
The following information is made to the user in implementation of the Guidelines of the Italian Data Protection Authority of May 8, 2014 "Identification of simplified procedures for information and acquisition of consent for the use of cookies."
Data Controller
Ipazia S.p.A.
Piazza Pio XI, n. 1
20123 – Milano (MI)
Contatto e-mail: info@ipazia.com
Data Protection Officer (DPO)
Avv. Vera Cantoni,
Via F. Turati n. 26, 20121, Milano (MI)
E-mail contact: pls@ipazia.com
WHAT ARE COOKIES?
Cookies are small text strings that a website can send, while you are browsing, to your device (be it a pc, notebook, smartphone, tablet; they are usually stored directly on the browser used for browsing). The same website that sent them, then can read and record cookies that are on the same device to obtain various types of information. Which ones? For each type of cookie there is a well-defined role.
HOW MANY TYPES OF COOKIES ARE THERE?
There are two basic macro categories with different characteristics: technical cookies and profiling cookies.
Technical cookies are generally necessary for the website to function properly and allow navigation; without them you may not be able to view pages properly or use certain services. For example, a technical cookie is essential to keep you logged in throughout your visit to a website, or to store language settings, display settings, and so on. Technical cookies can be further distinguished into:
· Navigation cookies, which ensure normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas);
· analytics cookies, assimilated to technical cookies only where used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site.
· Functionality cookies, which allow the user to navigate according to a set of selected criteria (e.g., language, products selected for purchase) in order to improve the service rendered to the user.
Profiling cookies are more sophisticated! These cookies are intended to profile the user and are used in order to send advertising messages in line with the preferences expressed by the user while browsing.
Cookies can, again, be classified as:
· Session cookies, which are deleted immediately when the browsing browser is closed;
· Persistent cookies, which - unlike session cookies - remain within the browser for a specified period of time. They are used, for example, to recognize the device connecting to the site by facilitating authentication operations for the user.
· First-part cookies (first-part cookies) i.e., cookies generated and managed directly by the entity operating and/or owning the website on which the user is browsing.
· third-party cookies (third-part cookies), which are generated and managed by parties other than the operator of the website and/or web Controller on which the user is browsing (also by virtue, of a contract between the website Controller and the third party). Third-party cookies may also include the profiling cookies mentioned and described above (for such possible types of cookies, please refer to what has been said above, also with reference to the prior acquisition of free consent). As far as third-party cookies are concerned, detailed and up-to-date information on their use and related deadlines can be found in the specific information pages of the third parties, which can possibly be accessed through appropriate links, affixed in the description of the individual cookies used and, in the case, below.
EXERCISE OF DATA SUBJECT'S RIGHTS
The data subject, in relation to the personal data covered by this notice, is entitled to exercise his or her rights under the EU Regulation below:
· Data subject's right of access [Art. 15 of the EU Regulation]: the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data relating to him/her are being processed and, if so, access to the information expressly provided for in the aforementioned article, including but not limited to the purposes of the processing, the categories of data and recipients, the storage period, the existence of the right to erasure, rectification or restriction, the right to lodge a complaint, all available information on the origin of the data, the possible existence of an automated decision-making process pursuant to Art. 22 of the Regulation, as well as copies of their personal data.
· Right to rectification [Art. 16 of the EU Regulation]: the data subject has the right to obtain from the controller the rectification and/or integration of inaccurate personal data concerning him/her, without undue delay;
· Right to erasure ("right to be forgotten") [Art. 17 of the EU Regulation]: the data subject has the right to the erasure of his or her personal data without undue delay, if there is one of the reasons expressly provided for in the aforementioned article, including but not limited to the fact that the processing is no longer necessary in relation to the purposes, revocation of the consent on which the processing is based, objection to the processing if it is based on a legitimate interest that is not overriding, unlawful processing of data, erasure due to legal obligations, data of minors processed in the absence of the conditions of applicability provided for in Article 8 of the Regulation;
· Right to limitation of processing [Art. 18 of the EU Regulation]: in the cases provided for in Art. 18, including unlawful processing, contestation of the accuracy of the data, objection by the data subject, and the cessation of the need for processing by the data controller, the data subject's data must be processed only for preservation unless the data subject's consent is obtained and the other cases expressly provided for in the aforementioned article;
· Right to data portability [Art. 20 of the EU Regulation]: the data subject, in cases where processing is based on consent and contract and is carried out by automated means, may request to receive his or her personal data in a structured, commonly used and machine-readable format, and has the right to transmit it to another data controller;
· Right to object [Art. 21 of the EU Regulation]: the data subject has the right to object to the processing of his or her personal data if the processing is based on a legitimate interest that is not overriding or is carried out for direct marketing purposes;
· Right not to be subjected to automated decision-making [Art. 22 of the EU Regulation]: the data subject has the right not to be subjected to a decision, including profiling, based solely on automated processing (e.g. carried out exclusively by electronic means or computer programs).
The above description is not a substitute for the text of the articles cited therein, which are referred to here in their entirety and for the full reading of which please refer to the last section of this cookie policy.
WHAT COOKIES IPAZIA S.P.A. USES.
1) FIRST-PARTY COOKIES
1-A) TECHNICAL COOKIES
Among said technical cookies, described above, we point out essential or navigation cookies, which enable functions, without which it would not be possible to fully or completely use the Site.
These cookies are first-party cookies. Essential cookies cannot be disabled using the features of the Site
Also included in the scope of technical cookies are the functionality cookies, mentioned above, and also the so-called "analytics" cookies, which pursue exclusively statistical purposes and collect information in aggregate form without the possibility of tracing the identification of the individual user.
Users' prior consent is not required for the installation of such cookies. These cookies can also be disabled and/or deleted through the browser settings (see below). Such deletion is not equivalent to withdrawal of consent.
If the use of cookies is blocked, the service offered to you through the Site will be limited, thereby affecting your experience of using the Site.
Below, for each technical cookie used we report: the name, purpose of use, and retention time.
Necessary cookies (including navigation cookies).
Finally, below are links to the most popular browsers, where there is information about how to disable storage or delete cookies already stored on the browser:
Notice regarding children under the age of 14
Minors under the age of 14 may not provide personal data. Ipazia S.p.A. will not be in any way responsible for any collection of personal data, as well as false statements, provided by the minor, and in any case, should it be found to be used, Ipazia S.p.A. will facilitate the right of access and cancellation forwarded by the legal guardian or those exercising parental responsibility.
Changes and updates
This policy shows the date of its last update in its header. Ipazia S.p.A. may also make changes and/or additions to this privacy policy as a consequence of any and all subsequent regulatory changes and/or additions.
Normative references on the rights of the data subject
Article 15
Data subject's right of access
1. The data subject shall have the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information:
(a) the purposes of processing;
(b) the categories of personal data in question;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if recipients in third countries or international organizations;
(d) when possible, the expected period of retention of personal data or, if not possible, the criteria used to determine this period;
(e) the existence of the data subject's right to request from the data controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing;
(f) the right to file a complaint with a supervisory authority;
(g) if the data are not collected from the data subject, all available information on their origin;
(h) the existence of automated decision-making, including profiling as referred to in Article 22(1) and (4), and, at least in such cases, meaningful information about the logic used, as well as the importance and the expected consequences of such processing for the data subject.
2. Where personal data are transferred to a third country or international organization, the data subject has the right to be informed of the existence of appropriate safeguards under Article 46 relating to the transfer.
3. The data controller shall provide a copy of the personal data undergoing processing. ln the event of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, and unless otherwise specified by the data subject, the information shall be provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 shall not infringe upon the rights and freedoms of others.
Article 16
Right of rectification
The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.
Article 17
Right to erasure ("right to be forgotten")
1. The data subject shall have the right to obtain from the data controller the erasure of personal data that he or she concern them without undue delay, and the data controller is obliged to erase the personal data without undue delay if one of the following grounds exists:
(a) personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and if there is no other legal basis for the processing;
(c) the data subject objects to processing under Article 21(1) and there is no overriding legitimate reason for processing, or objects to processing under Article 21(2);
(d) personal data have been processed unlawfully;
(e) personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;
(f) personal data have been collected in connection with the provision of information society services referred to in Article 8(1).
2. Where a data controller has made personal data public and is obliged under paragraph 1 to erase it, taking into account available technology and the costs of implementation it shall take reasonable measures, including technical measures, to inform data controllers who are processing personal data of the data subject's request to erase any link, copy or reproduction of his or her personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that the processing is necessary:
(a) for the exercise of the right to freedom of expression and information;
(b) for the performance of a legal obligation requiring the processing provided for by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
(c) for reasons of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3);
(d) for the purposes of archiving in the public interest, scientific or historical research, or for statistical purposes in accordance with Article 89(1), insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
(e) for the establishment, exercise or defense of a right in court.
Article 18
Right to limitation of treatment
1. The data subject has the right to obtain from the data controller the restriction of processing when one of the following cases occurs:
(a) the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
(b) the processing is unlawful and the data subject objects to the deletion of personal data and instead requests that their use be restricted;
(c) although the data controller no longer needs them for the purposes of processing, the personal data are necessary for the data subject to establish, exercise or defend a right in court;
(d) the data subject has objected to the processing pursuant to Article 21(1), pending verification as to whether the legitimate grounds of the data controller outweigh those of the data subject.
2. Where processing is restricted pursuant to paragraph 1, such personal data shall be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defense of a right in a court of law or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.
3. A data subject who has obtained the restriction of processing pursuant to paragraph 1 shall be informed by the data controller before such restriction is lifted.
Article 19
Obligation to notify in case of rectification or erasure of personal data or restriction of processing
The controller shall notify each of the recipients to whom the personal data have been transmitted of any rectification or erasure or restriction of processing carried out pursuant to Article 16, Article 17(1) and Article 18, unless this proves impossible or involves a disproportionate effort. The data controller shall notify the data subject of such recipients if the data subject so requests.
Article 20
Right to data portability
1. The data subject shall have the right to receive in a structured, commonly used and machine-readable format personal data concerning him or her that have been provided to a data controller and shall have the right to transmit such data to another data controller without hindrance by the data controller to whom he or she has provided them if:
(a) the processing is based on consent under Article 6(1)(a) or Article 9(2)(a) or a contract under Article 6(1)(b): and
(b) the processing is carried out by automated means.
2. When exercising his or her rights with regard to data portability under paragraph 1, the data subject has the right to obtain direct transmission of personal data from one controller to another, if technically feasible.
3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17, This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the data controller.
The right referred to in paragraph 1 shall not infringe on the rights and freedoms of others.
Article 21
Right of opposition
1. The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f), including profiling on the basis of those provisions, The controller shall refrain from further processing the personal data unless he or she demonstrates compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling insofar as it is related to such direct marketing.
3. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
4. The right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information at the latest at the time of the first communication with the data subject.
5. In the context of the use of information society services and without prejudice to Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using specific techniques.
6. Where personal data are processed for scientific or historical research or statistical purposes pursuant to Article 89(1), the data subject shall have the right, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her, except where the processing is necessary for the performance of a task carried out in the public interest.
Article 22
Automated decision-making related to natural persons, including profitability
1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or affects him or her in a similar significant way.
2. Paragraph 1 does not apply in case the decision:
(a) is necessary for the conclusion or performance of a contract between the data subject and a data controller;
(b) is authorized by the law of the Union or the Member State to which the data controller is subject, which also specifies appropriate measures to protect the rights, freedoms and legitimate interests of the data subject;
(c) is based on the explicit consent of the data subject.
3. In the cases referred to in paragraph 2 (a) and (c), the data controller shall implement appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, at least the right to obtain human intervention by the data controller, to express his or her opinion and to challenge the decision.
4. Decisions under paragraph 2 shall not be based on the special categories of personal data referred to in Article 9(1) unless Article 9(2)(a) or (g) applies and appropriate measures are in place to protect the rights, freedoms and legitimate interests of the data subject.