1. Identify and contact details of the data controller
The data controller is Amilon S.r.l., Tax Code and VAT 05921090964, with registered office in via Natale Battaglia n. 12, Milan, e-mail address [email protected] (“Amilon” or “Data Controller”).
2. Contact details of the Data Protection Officer (DPO)
The DPO can be contacted at the e-mail address [email protected].
3. Categories of data processed
a. Navigation Data
The computer systems and software procedures used to operate the website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
Such data, necessary for the use of web services, are also processed in order to:
- allow access to the website and the use of its functionalities;
- allow and monitor the proper functioning of the website and carry out maintenance activities;
- obtaining anonymous statistical information on the use of the website;
- ascertaining possible liability in the event of hypothetical computer crimes to the detriment of the website and to exercise and/or defend the rights of the Data Controller.
The legal basis of the processing carried out for the above-mentioned purposes are the performance of an agreement to which the data subject is a party and the pursuit of the legitimate interest of the Data Controller.
b. Data provided voluntarily by the user
In order to be able to use certain services on the website, the provision of personal data is required, in relation to which please refer to the specific information provided at the time of collection.
c. Information processed through cookies
The web site uses cookies.
What are cookies?
Cookies (or markers) are small text files sent by the web server used by the user to the user’s device (usually to the browser), when the user accesses a specific site for the purpose of storing and transporting information. The cookies are stored so that they can be recognized at each subsequent visit. At each subsequent visit are resent from the user’s device to the site.
Each cookie generally contains the name of the server from which the cookie was sent, the expiry date and a value, usually a unique number generated at random by the computer.
First-party and third-party cookies
Cookies can be installed not only by the same operator of the website visited by the user (first-party cookies), but also by a different site that installs them through the first site (third-party cookies) and that is able to recognize them. This happens because, on the visited website, there may be elements (e.g. images, maps, sounds, links to web pages of other domains, etc.) that reside on servers other than the one used by the visited web site.
Technical, analytical and profiling cookies
Technical cookies are installed for the sole purpose of “transmitting a communication through an electronic communications network, or to the extent strictly necessary for the provider of an information society service to provide such service based on an explicit request by a subscriber or an user” (see art. 122, prf. 1 of Privacy Code). They are usually used to allow efficient navigation between web pages, to store user preferences, to store information on specific user configurations, to authenticate users, etc.
Technical cookies can be divided into navigation cookies, used in order to record data useful for normal browsing and use of the website on the user’s computer (allowing, for example, to remember the preferred size of a web page in a list) and functional cookies, which allow the website to remember the choices made by the user in order to optimize its functionality (for example, functional cookies allow the site to remember the specific settings of a user, such as country selection and, if set, the status of permanent access). Some of these cookies (called essential or strictly necessary) enable functions without which it would not be possible to carry out some operations.
Pursuant to the aforementioned art. 122, prf. 1 of the Privacy Code, the use of technical cookies does not require users’ consent, instead it requires the obligation to properly inform users.
Pursuant to the Decision, technical cookies are assimilated – and therefore, for its installation, users’ consent is not required – to the s.c. analytics cookies if they are:
- created and used directly by the first-part web site operator (without, therefore, the intervention of third parties) for the purpose of optimizing the same to collect aggregated information on the number of users and how they visit the site itself, as well as
- created and made available by third parties if:
- used by the first party website for mere statistical purposes, if appropriate tools are adopted to reduce their identifying power (for example, by masking significant portions of the IP address) and used only for the production of aggregate statistics and in relation, as a rule, to a single site or a single mobile application, so as not to allow the tracking of a person’s navigation using different applications or browsing different websites;
- third parties, who provide the web measurement service to the site, do not combine, enrich or cross-reference the data, even minimised as above, with other information available to such third parties (e.g. customer files or statistics of visits to other sites) or pass them on to other third parties.
Profiling cookies or similar markers (e.g. pixel, fingerprint, etc.) are used to track user navigation, analyze their behavior for marketing purposes and create profiles on their tastes, habits, choices, etc. in order to transmit targeted advertisements in relation to your interests and in line with the preferences expressed by these in the online navigation. These cookies, pursuant to art. 122 of Privacy Code, can be installed on the user’s terminal only if he/she has given his/her consent after having been informed in the simplified manner indicated by the Italian Data Protection Authority in the Decision (publication on the site of a ‘short’ information notice contained in a banner immediately appearing on the home page (or other page through which the user can access the site), which refers to an ‘extended’ information notice, which can be accessed by means of a clickable link).
Persistent and session cookies
Based on their duration, cookies are distinguished in persistent cookies, which remain stored until their expiration, on the user’s device, except in case of removal by the latter, and in session cookies, which are not stored permanently on user’s device and they disappear when the browser is closed.
4. List of cookies and other tracking tools used by the website
Technical cookies
The website uses technical cookies or other technical tools, installed for the purposes indicated below, for which the users’ prior consent is not required pursuant to Article 122 of the Privacy Code.
Below, the name, purpose of use and duration are given for each tool used.
| Name | Third Party | Purpose | Duration |
|---|---|---|---|
| _icl_visitor_lang_js | First part (Domain: .amilon.com) | This cookie is used to store a user’s language preference, so that content in the stored language can be provided the next time the website is visited. | 1 day |
| wpml_browser_redirect_test | First part (Domain: .amilon.com) | This cookie is used to check if cookies are enabled in the browser to provide users with an appropriate user experience. | Session |
| _GRECAPTCHA | Third party (Domain: www.google.com) | Cookies run for the purpose of providing risk analysis. | 6 months |
| sessiontime | First part (Domain: .amilon.com) | This cookie is used to track the duration of the user’s session on the website, ensuring seamless navigation and interaction with the various features of the site. | Session |
| thread | First part (Domain: .amilon.com) | Unclassified cookies are cookies that are in the process of being classified, together with the providers of individual cookies. | 1 years |
| HDA_user_mode | First part (Domain: .amilon.com) | Unclassified cookies are cookies that are in the process of being classified, together with the providers of individual cookies. | Session |
Anonymised analytics cookies
The website uses analytics cookies created and made available by third parties to statistically analyze the accesses or visits to the website, allowing the Data Controller to improve the structure, navigation logics and content and to collect information on web site usage.
For more details and information, please visit the following link: https://support.google.com/analytics/answer/1011397
These cookies, appropriately anonymized (through the masking of significant portions of the IP address), allow the collection of aggregate information on the number of users and how they visit the web site without being able to identify the single user. Therefore, which the users’ prior consent is not required, accordingly with the Decision.
Below, the name, purpose of use and duration are given for each analytic cookie.
| Name | Third Party | Purpose | Duration |
|---|---|---|---|
| _ga_# | Part One (Domain: .amilon.com) | Used by Google Analytics to collect data on the number of times a user has visited the website and the dates of the first and last visit. | Two years |
| _ga | Part One (Domain: .amilon.com) | Contains a unique identifier used by Google Analytics to determine that two distinct visits belong to the same user across browsing sessions. | Two years |
Profiling cookies
No profiling cookies are used on this website.
5. Data recipients
The processing of data related to the website services is carried out by employees/collaborators who have been expressly authorized to process and who have received adequate operating instructions.
The data will also be processed by Google, which will process them for the purpose indicated in Section 4 above as an autonomous data controller.
The Data Controller transfers the data outside the EU or the EEA and in particular to the United States, where the third parties mentioned above and the IT providers involved in the operation/maintenance of the website are established, a third country considered adequate by virtue of the decision of the European Commission of 10 July 2023 – EU-US Data Privacy Framework. Where data is transferred to countries outside of the European Union (EU) or the European Economic Area (EEA) that have not been deemed adequate by the European Commission, the “transfer tools” referred to in Article 46 of the GDPR will be used.
6. Modalities for managing cookies use options
The user has various options in order to browse without cookies as described here below: https://www.garanteprivacy.it/cookie.
Users can express their cookies options also through the settings of the browser used. Even if the web browser used by the user is set to automatically accept cookies, the user can change the default configuration via the settings menu, deleting and/or removing all or some cookies, blocking the sending of cookies or limiting it to certain sites. Disabling, blocking cookies or deleting them could compromise the optimal use of some areas of the website or prevent certain features of the same, as well as affect the functioning of third-party services. The configuration of cookie management depends on the browser used. The following links provides you with cookies management option for the main web browsers:
For browsers other than those listed above, it is necessary to consult the related guide to find out how to manage cookies.
7. Rights of data subjects
In relation to the processing of personal data carried out by the Data Controller, the data subject, in addition to what is indicated in the previous paragraph, can exercise the rights referred to in articles 15-22 of the GDPR, and in particular can obtain the access to the data concerning him/her and to the information referred to in art. 15 (purposes of the processing, categories of personal data, etc.), obtain the erasure of data in the cases provided for by art. 17, obtain the rectification of inaccurate data or the integration if incomplete data, obtain the limitation of processing in the cases provided for by art. 18, and the data portability (i.e. the right to receive the data in a structured format, commonly used and readable by automatic device, as well as, if technically feasible, to transmit them to another controller without hindrance) if the processing is based on consent or contract and is carried out with automated tools.
The data subject can exercise his/her rights by sending a communication to the contact points indicated in par. 1.
The data subject has the right to lodge a complaint with the competent supervisory authority in the Member State where he/her habitually resides or works or in the State where the alleged infringement occurred.