Updated to EU General Data Protection Regulation (GDPR) 2016/679
When the user brows our Website, using its services and features, Italnoli srl. may collect and process information about the user. Specific privacy information notices are normally published in the Website sections in which users’ personal data are collected, under the terms of art. 13/15 of the GDPR. Where that occurs, processing is performed on the basis of the user’s consent. If the user provides personal data of third parties, users are responsible for any third-party Personal Data provided and confirms to have the third party's consent to provide the Data to the Owner, in compliance with GDPR UE 2016/679.
2) The Data we process
Visiting our website does not generally involve the collection and/or processing of any personal information, except for browsing data and cookies as specified below. In addition to the browsing data (see below), personal data voluntarily provided by the user may be processed when using some features or asking for some services available in the Site. In compliance with the GDPR, Italnoli srl when performing its activities, could also collect the user’s personal data from third parties.
3) Cookies and browsing data
Please read the dedicated section
4) Data storage
Personal data are stored and processed through informatics systems owned and managed by Italnoli srl. or by external third party as technical service providers; for more details, please refer to the following section "Purposes and means of personal data processing”. Only authorized personnel has access to personal information, including the staff assigned to carry out extraordinary maintenance operations.
5) Purposes and means of personal data processing
The personal data collected will be processed by Italnoli srl in accordance with the following purposes: use of the website, management of enquiries and claims, sending newsletters, management of applications sent through the Website, etc..
Furthermore, with your optional consent, your ordinary personal data may also be used for institutional communications All your data are processed using automatic and electronic instruments suitable to ensure full security and confidentiality, complying with the purpose of GDPR 2016/679, and the processing of your personal data will be based on principles of correctness, lawfulness, integrity and confidentiality. Your personal data, in accordance with GDPR 2016/679 will be stored for 10 years
6) Personal data’s security and quality
Italnoli srl undertakes to ensure security of the user’s personal data and to comply with provisions on security provided by law to avoid data loss, illegitimate or unlawful uses of data or unauthorized access to data, with particular reference to the Technical Guideline for Minimal Data Protection Safeguards.
Informatics systems and programs used by Italnoli srl are set up for reducing as much as possible the use of personal and identifying data. Such data are processed only to the extent required to achieve the purposes indicated in this Policy.
Italnoli srl. uses many types of advanced security technologies and procedures intended to aid protection of the user’s personal data; for example, personal data are held on secure servers located on premises with protected and controlled access. The users can update and correct their personal data by communicating to Italnoli srl any change of address, contact information, etc.
7) Data communication and access
The user’s data can be communicated and processed by:
- legitimate recipients identified from time to time by the applicable laws
- our staff members who require processing the data for performing their job duties
- natural and/or legal persons, public and/or private so far as the communication is necessary or functional for performing our business, for the purpose and in the manner described above;
8) Your rights
8.1 Art. 15 (Right of access by the data subject) , Art. 16 (Right to rectification) of REGULATION (EU) 2016/679
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
8.2 Art. 17 Right to erasure (‘right to be forgotten’) of REGULATION (EU) 2016/679
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
8.3 Art. 18 GDPR Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
8.4 Art. 20 GDPR Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided
9. Withdrawal of consent for personal data processing
Data Controller and DPO:
By contacting the Controller the data subject can, at any time, exercise the rights pursuant to Articles 15-22 of the GDPR and shall have the right to withdraw his/her consent for personal data processing. Requests should be sent to the Data Controller at the contact information set out above.
To make this site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.
WHAT ARE COOKIES IN COMPUTERS?
Also known as browser cookies or tracking cookies, cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. Due to their core role of enhancing/enabling usability or site processes, disabling cookies may prevent users from using certain websites.
Cookies are created when a user's browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website's server. Computer Cookies are created not just by the website the user is browsing but also by other websites that run ads, widgets, or other elements on the page being loaded. These cookies regulate how the ads appear or how the widgets and other elements function on the page.
STANDARD USES FOR BROWSER COOKIES
Website servers set cookies to help authenticate the user if the user logs in to a secure area of the website. Login information is stored in a cookie so the user can enter and leave the website without having to re-enter the same authentication information over and over.
Session Cookies are also used by the server to store information about user page activities so users can easily pick up where they left off on the server's pages. By default, web pages really don't have any 'memory'. Cookies tell the server what pages to show the user so the user doesn't have to remember or start navigating the site all over again. Cookies act as a sort of “bookmark” within the site. Similarly, cookies can store ordering information needed to make shopping carts work instead of forcing the user to remember all the items the user put in the shopping cart.
Persistent or Tracking Cookies are also employed to store user preferences. Many websites allow the user to customize how information is presented through site layouts or themes. These changes make the site easier to navigate and/or lets user leave a part of the user's “personality” at the site.
STRICTLY NECESSARY COOKIES
These cookies are necessary for the website to function properly. They enable you to navigate around the site, search for flights and other services, and make bookings. Without these cookies we could not provide the services that you come to the site for.
These cookies allow us to understand how visitors use our site, so we can measure and improve how the site works. For example they help us to know which pages are the most and least popular. They count things like the number of visitors, how long people spend on the site and how they find it. This lets us know where we are doing well, and where we can improve, as well as making sure the pages load quickly and display properly. All information these cookies collect is anonymous and not tied to any personal information about you. We use services from Google, Adobe and Marin Software to perform these functions.
OTHER COOKIES, SUCH AS THIRD-PARTY COOKIES
These cookies are used to enable us to provide enhanced functionality, and more personal information and features. This includes being able to watch YouTube videos, providing information about certain destinations, and also allowing you to share content through social networks. These services are mostly provided by third parties. If you have an account, or use the services of these parties on other websites, then they may be able to know that you have visited our sites. The use of data collected through cookies by those third parties is subject to their own privacy policies; therefore we identify these cookies by the parties setting them.
COOKIE SECURITY AND PRIVACY ISSUES
Cookies are NOT viruses. Cookies use a plain text format. They are not compiled pieces of code so they cannot be executed nor are they self-executing. Accordingly, they cannot make copies of themselves and spread to other networks to execute and replicate again. Since they cannot perform these functions, they fall outside the standard virus definition.
Cookies CAN be used for malicious purposes though. Since they store information about a user's browsing preferences and history, both on a specific site and browsing among several sites, cookies can be used to act as a form of spyware. Many anti-spyware products are well aware of this problem and routinely flag cookies as candidates for deletion after standard virus and/or spyware scans.See here for some privacy issues and concerns.
Most browsers have built in privacy settings that provide differing levels of cookie acceptance, expiration time, and disposal after a user has visited a particular site. Backing up your computer can give you the peace of mind that your files are safe.
OTHER COOKIE-BASED THREATS
Since identity protection is highly valued and is every internet users right , it pays to be aware of what threat cookies can pose.
As cookies are transmitted back and forth between a browser and website, if an attacker or unauthorized person gets in between the data transmission, the sensitive cookie information can be intercepted. Although relatively rare, this can happen if the browser is connecting to the server using an unencrypted network like an non-secured WiFi channel.Internet security is only attainable if you regualrly use a anti-virus protection programme.
Other cookie-based attacks involve exploiting faulty cookie-setting systems on servers. If a website doesn't require browsers to use encrypted channels only, attackers can use this vulnerability to trick browsers into sending sensitive information over insecure channels. The attackers then siphon off the sensitive data for unauthorized access purposes.
Rather than the "Opt out" option for website visitors, websites will need to specifically gain the consent of their visitor and they must "Opt In" to be able to store cookies on their computer or other devices.This is expected to be difficult to manage and enforcement will more than likely be done subtlely and with encouragement rather than with the threat of fines and penaltys.
What does the new law say? The new requirement is essentially that cookies can only be placed on machines where the user or subscriber has given their consent. 6 (1) Subject to paragraph (4), a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met. (2) The requirements are that the subscriber or user of that terminal equipment-- (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b) has given his or her consent. (3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use. “(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent. (4) Paragraph (1) shall not apply to the technical storage of, or access to, information-- (a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.
KEY TIPS FOR SAFE AND RESPONSIBLE COOKIE-BASED WEB BROWSING
Customize your browser's cookie settings to reflect your comfort level with cookie security or use the cookie cleaner included in Abine's free Privacy Suite.
If you are very comfortable with cookies and you are the only person using your computer, you may want to set long expiration time frames for storing your personal access information and browsing history.
If you share access on your computer, you may want to set your browser to clear private browsing data every time you close your browser. While not as secure as rejecting cookies outright, this option lets you access cookie-based websites while deleting any sensitive information after your browsing session.
Install and keep antispyware applications updated
Many spyware detection, cleanup applications, and spyware removers include attack site detection. They block your browser from accessing websites designed to exploit browser vulnerabilities or download malicious software.
Make sure your browser is updated
If you haven't already, set your browser to update automatically. This eliminates security vulnerabilities caused by outdated browsers. Many cookie-based exploits are based on exploiting older browsers' security shortcomings.
Cookies are everywhere and can't really be avoided if you wish to enjoy the biggest and best websites out there. With a clear understanding of how they operate and how they help your browsing experience, you can take the necessary security measures to ensure that you browse the Net confidently.
HOW TO CONTROL COOKIES
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
OPTING OUT OF COOKIES
For detailed information on how to do this, look in your browser’s help information, or for an overview of the most common browsers, you can visit: http://www.cookiepedia.co.uk/index.php?title=How_to_Manage_Cookies or http://www.aboutcookies.org/
Advertising companies also enable you to opt-out of receiving targeted advertising, if you would prefer to do so. This does not stop cookies being set, but it does stop these companies using and collecting some data. For more information and opt-out controls, please go to: http://www.youronlinechoices.eu/