PRIVACY AND COOKIE POLICY

This information, intended for all users browsing this website (hereinafter, “Site”), is issued pursuant to article 13 of Regulation 2016/679 (hereinafter, “GDPR”) and to Article 5(3) of Directive 2002/58/EC of the European Parliament and of the Council as amended by Directive 2009/136/EC of the European Parliament and of the Council (hereinafter, “Directive”), as implemented under national law.

1. Who is the “data controller” of the processing of personal data (i.e., who decides the purposes and means of processing) and how it can be contacted

The data controller is IRCA S.p.A., with e-mail [email protected] (hereinafter, “Company”).

2. Categories of data processed

a. Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified data-subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

Such data may be processed to:
• enable and monitor the proper functioning of the Site, perform maintenance activities;
• obtain anonymous statistical information on the use of the Site;
• ascertain possible liability in case of hypothetical computer crimes against of the Site and therefore exercise and/or defend the Company’s rights in court.

b. Cookie

Our Site uses cookies.

What are cookies
Cookies are small text files sent to the user’s device (usually to the user’s browser) by the websites the user visits when the latter accesses such websites for the purpose of storing and transporting information.
They are stored so that they can recognize that device on the next visit. On each subsequent visit, in fact, cookies are resent from the user’s device back to the site.

First party and third party cookies
Cookies can be installed not only by the same owner of the site browsed by the user (first-party cookies), but also by a different site that installs them through the first site (third-party cookies) and is able to recognize them. This happens because on the browsed site there may be elements (images, maps, sounds, links to web pages of other domains, etc.) that are stored on servers other than that of the browsed site.

For cookies installed by third parties, the obligations to provide information and, if the conditions are met, consent lie with the third parties; the site owner, as the technical intermediary between the third parties and users, is required to include in the extended information statement the updated links to the third parties’ disclosures and consent forms.

Technical, analytical and profiling cookies
Depending on the purpose, cookies can be divided into technical cookies and profiling cookies.

Technical cookies are stored for the sole purpose of carrying out the transmission of a communication over an electronic communication network or as strictly necessary for the supplier of an information society service explicitly requested by subscriber or user to provide the service.
They are usually used to enable efficient navigation between pages, store user preferences, store information about specific user configurations, perform user authentication, etc..

Technical cookies can be divided into navigational cookies, which are used for the purpose of recording data useful for normal navigation and enjoyment of the website on the user’s computer (allowing, for example, to remember the preferred page size in a list) and functional cookies, which allow the website to remember choices made by user in order to optimize its functionality (for example, functional cookies allow the website to remember a user’s specific settings, such as country selection and, if set, permanent login status).
Some of these cookies (called essential or strictly necessary) enable functions without which certain operations could not be performed.
Under Article 5(3) of Directive, technical cookies do not require consent, but it should be explained to the user what they do and why they are necessary or useful.

Analytical cookies are equivalent to technical cookies – and, therefore, users’ consent is not required – if:

i) created and stored directly exclusively by the owner of the visited website (without, therefore, the intervention of third parties) with the purpose to optimize it to collect aggregated information on the number of users and how they visit the website, as well as

ii) created and made available by third parties if:

a. used by the first party for merely statistical purposes, where the ability to identify users is reduced (for example, through hiding significant portions of the IP address) and such data are processed just for make aggregate statistics in relation to a single site or a single mobile application, so there is no tracking of the navigation of the user on different applications or navigating different websites;

b. such third parties, who provide the web measurement service, do not combine, enrich or cross-reference the data, even minimized as above, with other information available to them (e.g., customer files or statistics of visits to other sites) or transmit them to other third parties.

Profiling cookies are used to track the users’ browsing, analyse their behaviour for marketing purposes and create profiles on their interests, tastes, choices etc. so as to transmit targeted ads in line with the user’s interests and preferences expressed when browsing online.
These cookies may be installed on the user´s device only if the user has given his/her consent.

Permanent and session cookies
Based on their duration, cookies are distinguished into persistent, which remain stored, until they expire, on the user’s device, subject to removal by the user, and session cookies, which are not stored persistently on the user’s device and vanish when the browser is closed.

Cookies used by this Site

Technical cookies
The Site uses cookies to provide the user with easier navigation, as well as for internal purposes of security and system administration.

These are “technical cookies” as specified in the table below.

These cookies cannot be disabled and for their installation, as indicated above, prior consent of users is not required.

3. Browser setting

However, users can also express their preferences regarding cookies through the settings of the browser used. Even if the web browser used by the user is set to automatically accept cookies, users can change the default configuration through the settings, deleting and/or removing all or some cookies, blocking or limiting cookies from being sent to certain websites. Disabling, blocking cookies or deleting them may affect optimal enjoyment of certain areas of the Site or prevent certain features of the Site, as well as affect the operation of third-party services. Find out how to manage cookies on popular browsers:

• Microsoft Internet Explorer
• Microsoft Edge
• Google Chrome
• Mozilla Firefox
• Safari

For browsers other than the ones listed above, please consult the related guide to identify the cookies management mode.

4. Categories of recipients

Data are processed by the controllers’ employees – responsible for carrying out the activities outlined above – expressly authorized and instructed to process the data.
The data are also processed by third parties who provide the Controller with services instrumental to the purposes indicated in this information notice, designated by the Controller as data processors pursuant to Article 28(3) of the GDPR, giving them appropriate instructions, such as the company that manages the of the website, such as system outsourcers, consulting companies and companies belonging to Irca group (group to which the Controller belongs).
Furthermore, data may be disclosed to autonomous data controllers, such as authorities and supervisory and regulatory authorities legally authorized to access to data, as well as to third party providers (or vendors) specified in the tables above containing the list of cookies, in which the link to the relevant policy is also provided.

5. Rights of the data subject

Data subjects may exercise against the Company the rights under Articles 15-22 of the GDPR where applicable and in particular:

i) request access the data concerning the information under article 15 (purposes of processing, categories of personal data, etc.)

ii) to obtain the erasure of data in the cases provided for by Article 17 GDPR if the Company no longer has the right to process them(1);

iii) to obtain the rectification of inaccurate data or the right to have incomplete personal data completed;

iv) to obtain restriction of processing (i.e., the temporary subjecting of data to the storage operation only) in the cases provided for by Article 18 GDPR(2);

v) to object at any time, easily and free of charge, on grounds relating to the particular situation, to the processing of data carried out in the legitimate interest of the controller;

vi) where the processing is based on consent or contract and is carried out by automated means, to receive the data in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

To exercise such rights, you may contact the Company at any time by sending your request by e-mail to [email protected]

Furthermore, you shall have the right to lodge a complaint with the Italian Data Protection Authority or the competent supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

(1) The data subject shall have the right to obtain from the controller the erasure of personal data in the following cases:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
(2) The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.