Cookie Policy provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”)

 

In this document (“Cookie Policy”), the Data Controller, as defined below, wishes to inform you about the methods and purposes of processing your personal data resulting from the use of cookies and other tracking tools on the website www.u15assago.it (hereinafter collectively referred to as the “Website”), in compliance with the provisions issued by the Privacy Guarantor on May 8, 2014 “Identification of simplified methods for the information and acquisition of consent for the use of cookies” and subsequent clarifications and updates, Article 122 of Legislative Decree 30 June 2003, no. 196 (known as the “Privacy Code”) and Article 13 of the GDPR.

  1. Data Controller and Data Protection Officer

The Data Controller is Redfish Design SRL, with registered office at Via Attilio Valè 99, Noviglio, represented by its pro tempore legal representative (hereinafter the “Controller”).

To exercise your rights, listed in the following Article 7, or for any other requests related to them and/or this Notice, you can contact the Controller at the following addresses:

Email: redfishdesign@pec.it

  1. What are cookies and what are they used for?

Cookies are small text strings, usually consisting of letters and/or numbers, that websites visited by the User send and place on their terminal (usually through the browser) where they are stored and then retransmitted to the same websites that generated them during the User’s subsequent visit, thus remembering the User’s previous interaction with the Website.

The information encoded by cookies includes personal data (e.g., IP address, username, email address, etc.) or non-personal data such as language settings or information about the type of device used by the User to browse the Website.

Cookies perform various functions and allow you to navigate the Website efficiently, remembering User preferences and improving the browsing experience. For example, cookies are used to store computer authentications, the User’s preferred language, or other information or preferences regarding specific configurations, monitor sessions, facilitate and make more efficient the use of online content, show the User advertisements that might be of interest, etc.

  1. General categories of cookies

Depending on the criterion considered, cookies can be classified into various categories.

For example, depending on the subject that installs cookies on the User’s terminal, we distinguish: (a) “first-party cookies,” installed directly by the manager of the website visited by the User and visible only to them; and (b) “third-party cookies” installed by the manager of another website, who installs cookies through the first one.

Based on the duration of processing, we can distinguish: (a) “session cookies,” which are temporarily stored during the browsing session and are automatically deleted from the User’s terminal after closing the browser; and (b) “persistent cookies,” which remain on the User’s terminal until a predetermined expiry date or until they are deleted.

The classification that best responds to the rationale of data protection regulations distinguishes cookies into two macro-categories:

  • “technical cookies,” which are strictly necessary for the proper functioning of the website or its operation based on the User’s navigation choices. This category includes so-called “browsing cookies,” which ensure normal navigation and use of the website (e.g., allowing regular page viewing or scrolling, etc.) as well as so-called “functionality cookies,” which allow the User to navigate the website according to the criteria they have selected (e.g., language, products selected for purchase) to improve the requested service. Technical storage and access to information contained in technical cookies do not require User consent.
  • “profiling cookies,” which analyze and record the recurring actions or behavioral patterns carried out by the User in using the Website’s functionalities to (i) create a User profile, (ii) classify them within different profiles that group homogeneous groups of users, (iii) ultimately send the same User targeted advertising messages in line with the preferences expressed during web browsing. Technical storage and access to information contained in technical cookies are subject to the User’s consent.

To the two macro-categories mentioned above, we can add the so-called “analytical cookies,” used to process statistical analyses, such as analyses aimed at (i) evaluating the effectiveness of the services provided through the Website, (ii) designing the Website, or (iii) measuring its “traffic,” i.e., the number of visitors, possibly classified based on characteristics of interest (e.g., geographic area, time slot, etc.).

The processing of data collected through analytical cookies does not require User consent if such data is used solely to produce aggregate statistics concerning a single website or mobile application and, for data collected with third-party analytical cookies, only if (a) the structure of the third-party analytical cookie is such that it reasonably prevents User identification and if (b) the “third-party” refrains from actions on the data (e.g., combination, enrichment, etc.) aimed at identifying the User. If these specific conditions are met, analytical cookies (both first and third-party) are comparable to technical cookies.

4. Categories of Third Parties That May Process User Personal Data

The User’s personal data may be processed by third parties belonging, by way of example, to the following categories:

  • Providers of technical assistance services for the management and maintenance of the Website;
  • Advertising agencies;
  • Providers of statistical processing services on the use of the Website;
  • Companies that provide management and maintenance services for the Data Controller’s information systems;
  • Commercial partners;
  • Companies owning social media sites;
  • Companies that offer email sending services or other external telematic platform providers for sending communications;
  • Authorities and supervisory and control bodies and, in general, public or private entities with public functions entitled to request data according to the provisions of current national and European regulations;
  • Companies, associations, or professional firms that provide assistance and consultancy activities.

The entities belonging to the categories mentioned above may, in some cases, act as Data Processors specifically appointed by the Data Controller in compliance with Article 28 GDPR, while in other cases, they may operate in total autonomy as separate Data Controllers. In the latter case, the communication of your personal data to these autonomous Controllers would only occur to pursue the purposes mentioned in the previous section 4.

The complete and updated list of subjects to whom your personal data may be communicated can be requested by contacting the Data Controller at the address indicated in Article 1 of this Cookie Policy.

Data collected using cookies will not be disseminated.

8. Rights of the Data Subject

In relation to the processing described in this Information Notice, as a data subject, you may, under the conditions set out in the GDPR, exercise the rights provided for in Articles 15 – 21 of the GDPR, in particular:

  • Right of access: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to your personal data – including a copy of the same – and communication of, among other things, the information referred to in Article 15 of the GDPR;
  • Right to rectification: the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data pursuant to Article 16 of the GDPR;
  • Right to erasure (right to be forgotten): the right to obtain, without undue delay, the erasure of personal data concerning you, in the cases provided for in Article 17 of the GDPR; the right to erasure does not apply to the extent that the processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise, or defense of legal claims;
  • Right to restriction of processing: the right to obtain the restriction of processing in the cases provided for in Article 18 of the GDPR;
  • Right to data portability: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you that you have provided to the Data Controller and the right to transmit those data to another controller without hindrance, where the processing is based on consent and is carried out by automated means, according to Article 20 of the GDPR. Furthermore, the right to have your personal data transmitted directly from one controller to another where technically feasible;
  • Right to object: the right to object to the processing of personal data concerning you, unless there are compelling legitimate grounds for the Data Controller to continue the processing, pursuant to Article 21 of the GDPR;
  • Right to withdraw consent: the right to withdraw consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal;
  • Right to lodge a complaint: the right to lodge a complaint with the Data Protection Authority, Piazza Venezia 11, 00187, Rome (RM).

The above rights may be exercised, against the Data Controller, by contacting the references indicated in the previous Article 1. The Data Controller will take charge of your request and provide you with, without undue delay and, in any case, at the latest within one month from the receipt of the same, the information relating to the action taken concerning your request.

The exercise of your rights as a data subject is free of charge pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, including due to their repetitive nature, the Data Controller may charge you a reasonable fee based on the administrative costs incurred to handle your request, or refuse to fulfill your request.

Finally, we inform you that the Data Controller may request additional information necessary to confirm the identity of the data subject.

The Controller
Pasquale Pinto