COOKIE POLICY FOR THE VIALATTEA.IT WEBSITE
Articles 13 and 14 of Regulation (EU) 2016/679
This document was drafted to inform users, in accordance with articles 13 and 14 of Regulation (EU) 2016/679, of personal data processing performed through this website. Personal data processing occurs pursuant to current legislation on personal data processing and to the principles of accuracy, lawfulness, transparency and data protection. We hereby specify that this policy strictly refers to the data of those interacting with the services accessible from the homepage of the website http://www.vialattea.com (hereinafter also referred to, for the sake of brevity, ‘the Website’) and not other websites eventually accessed by the user through links present on http://www.vialattea.com.
The Data Processor is SESTRIERES SpA, with headquarters at 4 Piazza Agnelli, 10058 Sestriere, Turin.
Sestrieres S.p.A. has named Spazio srl as the Data Protection Officer (DPO) and Massimiliano Bonsignori as the representative of the latter.
This policy is a general obligation that must be fulfilled before or, at the latest, at the time of direct collection of personal data. In case personal data are not collected directly from the data subject, the policy shall be provided within a reasonable time or at the moment of the communication (not the recording) of data (to third parties or to the data subject). Pursuant to the General Data Protection Regulation for identifiable persons (GDPR – Reg. (UE) 2016/679), the undersigned organization – the Data Processor – hereby provides the following information:
SOURCES AND CATEGORIES OF PERSONAL DATA
Personal data owned by the undersigned organization are collected directly from the data subjects. This website does not collect special categories of personal data revealing racial or ethnic origin, religious, philosophical or other beliefs, trade union membership, health condition or sex life.
NAVIGATION DATA
The IT systems and the software procedures designed for website operation acquire, throughout their regular operation, personal data whose transmission is implicit to the use of Internet communication protocols. These data are not collected to be associated to specific data subjects, but by their nature may – through processing and association to data owned by third parties – allow an identification of the users. This data category includes IP addresses, domain names of the computers used by the users to browse the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of requests, the method used to present requests to the server, the sizes of files received in response, the numeric code identifying the status of the server reply (successful, error, etc.) and other parameters related to the operating system and the user’s IT environment. These data are used for the sole purpose of retrieving anonymous statistical information related to the use of the website and to check its suitable operation. The data are deleted immediately after they are processed. The data may be used to verify liability in case of eventual cybercrimes committed against the website.
PROFILING DATA
Profiling data related to the habits or consumption choices of the data subject are not directly acquired. Nevertheless, it is possible that – through links or third-party elements – such data may be acquired by third parties or discerned. See the Third-party Cookies section for more information.
COOKIES
Like other websites, this website saves cookies through the browsers used by the data subjects to transfer personal information and boost user experience. In fact, cookies are small strings of text that the websites browsed by users send to their terminal (usually the browser), where they are stored, at times even for long periods of time, to be re-sent to the same websites upon future visits.
As explained hereinafter, users may choose what cookies to accept and whether or not to accept them, considering that rejecting them may affect the ability to perform certain operations on the websites, the accuracy and suitability of certain customizable content offered or the ability to recognize the user upon a second visit. In case no related choice is made, the preset settings shall be applied and all cookies – all essential cookies – shall be activated. In any case, the user may communicate or change any related decision at any time.
The Website (http://www.vialattea.it) uses cookies to make its services simple and efficient for the users viewing Website pages. Users browsing the Website will see a minimum quantity of information on their devices – whether they are computers or mobile devices – in small text files called ‘cookies’, which are saved in the directory used by the users’ browsers. Various types of cookies exist: some make Website browsing more efficient, others activate certain functions.
In particular, our cookies allow us to:
- memorize the preferences selected;
- avoid the re-insertion of the same information, such as usernames and passwords, more than once during a visit;
- analyse the use of services and content provided by Vialattea.it to optimize user experience and services offered.
TYPES OF COOKIES WE MAY USE ON OUR WEBSITE
Our website may use both cookies that require your consent to be enabled on your device and cookies that may be enabled without your consent.
- Essential cookies (do not require your prior consent): These cookies are required for website operations and cannot be disabled by our systems. They are usually set up in response to user actions involving a service request, such as the setup of privacy preferences, login, or form filling. You may change your browser settings to block or receive notices concerning such cookies but, consequently, certain parts of the website will not work. These cookies do not store personal data.
- Performance cookies (require your prior consent): These cookies allow us to count website visits and traffic to measure and improve website performance. They help us know what the most and least popular pages are and the ways our visitors browse our website. All data collected by such cookies is aggregate, thus anonymous data. If you do not allow such cookies, we shall not know when you have visited our website.
- Functionality cookies (require your prior consent): These cookies allow the website to offer advanced functionality and customization. They may be installed by us or by third-party providers whose services were added to our pages. Should consent to use these cookies be denied, some or all of such services may not function properly.
- Targeting and advertising cookies (require your prior consent): These cookies may be installed through our website by our advertising partners. They may be used by such companies to create a profile of your interests and show you related ads on other websites. They do not directly memorize personal information but are strictly based on the identification of your browser and your Internet browsing device. If you do not accept such cookies, you will see less targeted advertising.
List of cookies used by the website https://vialattea.it
- AKA_A2: a functional cookie provided by Akamai and used to accelerate the delivery of website content. Its lifetime for data collection amounts to the session.
- _gat: a cookie provided by Google Analytics whose function is to ‘read and filter bot requests’. It has a statistical function and its lifetime for data collection amounts to one minute.
- _gcl_au: a cookie provided by Google AdSense whose function is to ‘store and keep track of conversions’. It has a marketing/tracking function and its lifetime for data collection amounts to three months.
- _fbp: a cookie provided by Facebook whose function is to store and keep track of visits of various websites. It has a marketing/tracking function and its lifetime for data collection amounts to three months.
- current_season: a top-level functional cookie whose function is to identify seasonal graphic design. Its lifetime for data collection amounts to one day.
- is_device: a top-level functional cookie whose function is to identify the type of device through which the Website is being consulted. Its lifetime for data collection amounts to one month.
- OptanonAlertBoxClosed cookie provided by OneTrust: a cookie set up by websites based on versions of the OneTrust solution for cookie legislation compliance. It is installed after the visitor has seen a cookie notice and, in certain cases, only after the visitor actively closes the notice. Its function is to allow the Website to show the notice to the user no more than once. Its lifetime is one year and it does not contain personal data. Its lifetime for data collection amounts to one year and six months.
- OptanonConsen: a functionality cookie provided by OneTrust. Its function is to memorize information of the categories of cookies used by the Website and whether the user has accepted or rejected its use for each category. Its lifetime for data collection amounts to one year.
- wp-wpml_current_language: a functionality cookie provided by WPML. Its function is to set up the default language of the Website. Its lifetime for data collection amounts to the session.
METHOD FOR MANAGEMENT OF COOKIE CONSENT OR REJECTION
When users enter the Website and their browser is set up to accept cookies, they may express their preferences concerning the various types of cookies through the popup banner appearing on the Website pages. Such preferences shall be recorded by a specific cookie consent management platform developed in compliance with the principles of applicable personal data regulations to allow the user to make definitive choices. The cookie consent platform allows the user to accept or reject different types of cookies, both directly released by the Data Controller and by its eventual partners and suppliers. This means that expressing a preference for individual cookies or third parties is not required. The different cookie types are identified and classified based on the purposes for which the cookies are issued and used, thus making their identification simpler and more straightforward.
In particular, when users access the Website they may choose, through the popup banner, to:
- accept the installation of all the aforementioned categories of cookies by clicking on the ‘Accept’ button;
- reject the installation of all the aforementioned categories of cookies by clicking on the ‘Reject All’ button;
- access the ‘Learn more and customise’ link to choose what categories of cookies to accept or reject based on purposes or third-party owners;
- close the banner through the specific ‘X’ button in the top-right corner.
HOW CAN I MAKE CHANGES TO MY COOKIE PREFERENCES THROUGH THE WEBSITE?
In the event that users have previously selected cookie preferences and thus do not view the related banner upon entering the Website, they may, at any time, access the platform for cookie consent management and adjust the related preferences. On this matter, it is important that the users know that the choices made for the Website shall be valid for the entire second-level domain the latter belongs to.
DISABILING COOKIES
Nearly all browsers offer the possibility to manage and disable cookies to respond to user preferences. Some browsers allow the users to set up cookie management rules for individual websites, thus granting more specific privacy control. Some browsers also offer incognito mode browsing, which entails that all cookies created in such mode are deleted upon quitting the browser.
Consult the following instructions for cookie management of each browser:
DATA VOLUNTARILY PROVIDED BY THE USER
The discretional, explicit and voluntary sending of e-mails to the addresses specified on the website implies the acquisition of the sender’s e-mail address – necessary to answer user requests – and of other personal data eventually communicated in the e-mails. Voluntary and explicit sending of forms present on the Website and containing data of the data subject also implies processing to comply with pre-contractual obligations or for the performance of services implicit to the sending of forms. The data included in the forms may be personal data, contact information, telephone numbers and e-mails of the data subjects and/or identified/identifiable third parties assigned by the user. Specific summary notices shall be, in any case, shown or provided on the website pages allocated to specific on-demand services.
PURPOSES AND LAWFUL BASIS FOR PROCESSING
Personal data are used (see: Article 6, paragraph 1, item (b) of the GDPR): to allow Website navigation and eventually to perform the services or actions requested in the context of the regular activity performed by the undersigned organization (ATECO – Italian institute of statistics classification – code: 493901).
Moreover, all personal data may be processed:
- for the purposes related to the legal obligations and the rules imparted by the authorities legally recognized for such purposes (see: Article 6, paragraph 1, item (c) and Article 9, paragraph 2, items (b), (g) and (h) of the GDPR);
- for the verification, exercise or defence of a right of the undersigned organization in a judicial or extrajudicial context (legitimate interest) (see: Article 6, paragraph 1, item (f) and Article 9, paragraph 2, item (f) of the GDPR).
CONSEQUENCES OF THE REFUSAL TO PROVIDE DATA
Supply of the data subject’s data is optional but essential to process the same for the purposes specified in items (a) and (b). Should the data subjects not communicate their essential data and not approve processing, the undersigned organization will not be able to offer or implement its services or fulfil its contractual obligations. Consequently, the correct fulfilment of the legal obligations – e.g. accounting, tax and administrative obligations – shall be compromised.
Other than the information provided for navigation data, users are free to provide personal data for cookies and specific requests through forms related, for instance, to goods and/or services. Failure to provide such forms may prevent supply of the requested goods/services. Provision of non-essential data, including special categories of personal data, is optional. Denial or provision of incomplete or erroneous consent of certain data, including special categories of personal data, may compromise or lead to fines or loss of benefits, both for the impossibility to guarantee the coherence of the data processing with the obligations for which it is performed and for the lack of conformity of the results of data processing with the legal obligations it is based on. The undersigned organization is thus exempt from any liability for eventual fines or related disciplinary action.
DATA PROCESSING METHOD
Processing related to the Website services occurs through automated tools strictly for the time required to achieve the purposes for which the data were collected. It occurs through servers in Italy or the EU and is managed strictly by technical staff in charge of data processing or by eventual persons in charge of maintenance and administration. Specific safety measures have been implemented to prevent data loss, illegal or incorrect use, unauthorized access and loss of confidentiality. The facility is equipped with intrusion prevention, firewalls, logs and disaster recovery systems. Specific data encryption and segregation systems as well as user authentication and authorization systems are implemented.
Data processing involves data collection, recording, management, storage, development, modification, cancellation and disposal or the combination of two or more such operations. In terms of the aforementioned purposes, personal data processing may occur through manual, IT or telecom systems with methods strictly related to the purposes. In any case, in order to guarantee the safety and privacy of the personal data, they shall be processed pursuant to the methods specified in Article 5 of Regulation (EU) 2016/679, which entails, among other conditions, that the data are processed lawfully and correctly and that they are collected and stored for specific, explicit and legitimate purposes and that – if necessary – they are updated and relevant, complete and not further processed in a manner that is incompatible with the initial purposes of processing. Data processing shall comply with fundamental rights and freedom along with the dignity of the data subjects, especially in relation to privacy and personal identity, through protective and safety measures. The undersigned organization has set up and shall additionally improve its safety, access and data storage systems.
No automated decision-making systems (e.g. profiling) are used.
EXTRA-EU TRANSFER
Data processing shall occur mainly in Italy and the EU but may also occur in extra-EU and extra-EEA countries should it be deemed instrumental in the efficient fulfilment of the purposes pursued in compliance with the guarantees offered to the data subjects. Finally, the Data Processor is not liable for processing occurring in extra-EU and extra-EEA countries whenever – upon request of the data subject – connection to the Website occurs in such countries.
STORAGE TIME
Generally speaking, personal data shall be stored as long as the purposes for processing instrumental to the category of data processed are applicable.
CATEGORIES OF RECIPIENTS
The data (essential data only) is shared:
- With Data Processors and persons in charge of processing, both internal and external to the undersigned organization, which perform specific roles and operations (website administration, navigation/traffic/profiling data analysis, handling of e-mails and forms sent voluntarily by users, processing of e-commerce orders and requests, etc.);
- in cases and with subjects as specified by law.
The data shall not be disseminated unless otherwise specified by law or in the anonymous form. Notwithstanding the aforementioned indications for cookies and third-party elements, the only performable services without prior consent by the data subject to communication to third parties shall be those that do not imply such consent. In case of need, specific consent shall be requested, and the subjects that will receive the related data shall use them in the capacity as independent data controllers.
In certain cases (not pertaining to ordinary management of this Website), an Authority may request news and information for the purposes of supervision of personal data processing. In these cases, a response by the data subject is compulsory: failure to respond shall lead to an administrative sanction.
RIGHTS OF THE DATA SUBJECTS
The data subjects have the right, at any time, to: exercise their rights (access, correction, deletion, limitation, portability, opposition, elimination of automated decision-making systems), where applicable, in relation to the Data Processor, pursuant to articles 15-22 of the GDPR (regulation); lodge a complaint to the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority, www.garanteprivacy.it); should processing be based on consent, withdraw such consent, considering that the withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.
CONTACT INFORMATION
The Data Processor is SESTRIERES S.p.A., with headquarters at 4 Piazza Agnelli, 10058 Sestriere (Turin), tax code and VAT number 00941880015, e-mail: privacy@vialattea.it, Tel. 0122799411/460.
Sestrieres has named Spaziottantotto S.r.l. its Data Protection Officer (DPO), represented by Massimiliano Bonsignori. Requests must be made through the e-mail address privacy@vialattea.it, by calling +39 0122.799.411 or by sending a fax to +39 0122.799.460.
This document is the Web Policy for the website Vialattea.it and is subject to updates. It is the responsibility of the user to consult the document in its updated versions.