Last update: 07/12/2018

INFORMATION ON THE USE OF COOKIES OF THE SITE, PURSUANT TO ART. 13 OF EU REGULATION 2016/679

The computer systems and the software procedures used to operate this website acquire, during the normal course of operation, some personal data whose transmission is implicit in the use of communication protocols of the Internet.

It concerns information that is not collected in order to be associated to identifiable concerned parties, but which could due to their nature allow identification of the users through elaboration and association with data held by third parties.

Amongst the information gathered there are IP addresses, type of browser or operating system used, URI addresses (uniform resource identifier), domain name and the addresses of the websites from which the access or exit was done (referring/exit pages), the time in which the request was made to the server, the method used and information relating to the reply received, additional information on the user’s site navigation (please also refer to the section on cookies) and other parameters relating to the user’s operating system and information system environment.

This data could also be used to identify and establish responsibility in the event of computer crimes to the detriment of the site.

---

Use of cookies

The following information is supplied to the user in implementation of the provision of the Data Protection Supervisor of 8 May 2014 “Identification of the simplified procedures for the disclosure of information and the acquisition of consent for the use of cookies”.

What are cookies?

Cookies are small text strings which a website may send, while browsing, to your device (whether this is a PC, a notebook, a smart phone or tablet, they are normally stored in the browser used during navigation). The same website that sent them, can then read and register the cookies which are located on the same device to obtain various types of information. Which type? Every cookies has a well-defined role.

How many cookies are there?

There are two basic macro-categories, with different characteristics: technical cookies and profiling cookies.

Technical cookies are generally necessary for the correct functioning of the website and to allow navigation; without these, you might not be able to view the pages correctly or use certain services. For example, a technical cookies is essential in order for the user to remain connected during the entire visit to a website, or to memorise language, viewing settings and so on. Technical cookies can be further divided in:

• navigation cookies, which guarantee normal navigation and use of the website (allowing, for example, to make a purchase or to authenticate for access restricted areas);
• cookie analytics, similar to technical cookies but only as far as they are used directly by the administrator of the website to collect information, in aggregate form, regarding the number of users and how they visit the same site;
• functionality cookies, which allow the user to navigate on the basis of a set of selected criteria (for example, language, the products selected for purchase) in order to improve the service offered.

Profiling cookies are more sophisticated. These cookies are responsible for profiling the user and are used in order to send advertising messages reflecting the preferences expressed by the user during navigation. Cookies can also be classified as:

• session cookies, which are erased immediately after closing the web browser;
• persistent cookies, which – unlike the session cookies – remain inside the browser for a certain amount of time. These are used, for example, to recognise the device which connects to the site allowing for easier authentication of the user;
• first part cookies, i.e. cookies generated and managed directly by the manager of the website which the user is visiting;
• third part cookies, which are generated and managed by parties other than the administrator of the website which the user is visiting (usually pursuant to an agreement between the manager of the website and the third party).

Which cookies are used by the website Calzavara S.p.A.?

The website www.calzavara.it uses two types of cookies:

• session cookies for authentication (PDF download, acceptance of cookies, management of the browsing sessions)
• tracking cookies (Google Analytics).

SESSION COOKIES (INDISPENSABLE FOR THE MANAGEMENT OF THE WEBSITE AND FOR ACCESS TO CONFIDENTIAL FILES)
The website www.calzavara.it uses HTTP cookies to manage the download of PDF documents. The use of session cookies (which are not permanently stored on the user’s computer and are removed when the browser is closed) is strictly limited to the transmission of session identification data necessary to allow a safe exploration of the website.

Name	Type	Duration	Function
PHPSESSID	Session cookie	Expires at the end of the session	Stores the user’s session
_icl_current_language	Session cookie	Expires at the end of the session	Stores the user’s language
_icl_visitor_lang_js	Session cookie	Expires at the end of the session	Stores the language redirection
wpml_browser_redirect_test	Session cookie	Expires at the end of the session	Check if cookies are enabled
wpml_referer_url	Session cookie	Expires at the end of the session	Stores the last requested URL
DownloadPDF	Persistent cookie	1 year	It stores the user data to enable the user for future downloads without registration

 

TRACKING COOKIES
Tracking cookies can be disabled without any consequences for the site navigation. The website www.calzavara.it uses Google Analytics by Google, Inc. (hereinafter “Google”) to generate statistics regarding the use of the web portal; Google Analytics uses cookies (not third party) that do not memorise personal data. The information obtainable from the cookies relating to the use of the website by users (including IP addresses) will be transmitted by the user’s browser to Google, with office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, and stored on the company’s server. 
According to the terms of service in use, Google will use this information, acting as autonomous data controller, in order to trace and examine the use of the website, draw up reports on the site activity for use by the website operators and provide other services connected to the activity of the website, to the method of connecting (mobile, PC, browser used etc.), to the search mode and how the pages of the portal are reached. Google may also transfer this information to third parties where required to do so by law or where third parties process the aforementioned information on behalf of Google. Google will not associate IP addresses to any other data in Google’s possession. To consult Google’s privacy statement, relating to the Google Anayltics service, please refer to the following website http://www.google.com/intl/en/analytics/privacyoverview.html. To learn more about Google’s privacy policy, please visit the website  http://www.google.com/intl/it/privacy/privacy-policy.html.

Name	Type	Duration	Function
_ga	Tracking cookie	2 years	It stores the user data for the generation of statistics on the use of the website

 

THIRD PARTY COOKIES
The website www.calzavara.it uses services managed by other organisations (third parties). An example is the presence of social plugin (Linkedin, Facebook, Twitter, etc). The most common use of the social plugin is aimed at sharing content through social networks. The presence of these plugins involves the transmission of cookies from and to all websites managed by third parties. The management of the gathered information by “third parties” is governed by the pertaining information notices to which you are requested to refer.
In order to guarantee greater transparency and comfort, below you will find a list with web addresses with their various information notices and how they manage cookies.

• Linkedin cookie policy: https://www.linkedin.com/legal/cookie-policy
• Linkedin (configuration): https://www.linkedin.com/settings/
• Twitter cookie policy: https://support.twitter.com/articles/20170514
• Twitter (configuration): https://twitter.com/settings/security
• Facebook cookie policy: https://www.facebook.com/help/cookies/
• Facebook (configuration): accedere al proprio account. Sezione privacy.

Disabling cookies

It is possible to deny consent for the use of cookies by selecting the appropriate setting in your own browser: it will nevertheless be possible to normally use the website www.calzavara.it. Below you will find links explaining how to disable cookies for the most popular browsers:

• Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=it-IT&answer=95647&p=cpn_cookies
• Mozilla Firefox: http://support.mozilla.org/it/kb/Bloccare%20i%20cookie?redirectlocale=en-US&redirectslug=Blocking+cookies
• Apple Safari: http://www.apple.com/it/privacy/use-of-cookies/

Check your cookies

It is possible to view behavioural cookies present in your browser to track activity by visiting the following address:

http://www.youronlinechoices.com/uk/

---

Notice regarding minors of under 14 years

The minors of under 14 years cannot provide personal data. Calzavara S.p.A. shall not be responsible in any way for the collection of personal data or false declarations supplied by the minor and in the event that use of these were to be identified, Calzavara S.p.A. shall facilitate the right of access and of erasure forwarded by the legal guardian or whoever holds parental responsibility.

---

Exercise of the rights of the person concerned

The person concerned, in relation to the personal data object of this privacy statement, may exercise the rights as described in the EU Regulation, which are reported below:

• right to access of the person concerned [art. 15 of the EU Regulation]: the person concerned has the right to obtain confirmation from the Data Controller whether any such personal data is being processed and, in this case, to access the information expressly envisioned by the mentioned article, including without limitation the processing purposes, the category of the data and recipients, the conservation period, the existence of the right to erasure, rectification or limitation, the right to lodge a complaint, all information available regarding the origin of the data, the existence of an automated decisional process in accordance with art. 22 of the Regulation, as well as a copy of such personal data.
• right to rectification [art. 16 of the EU Regulation]: the person concerned has the right to obtain rectification and/or integration of the inaccurate personal data relating to him/her by the Data Controller, without undue delay;
• right to cancellation (“right to be forgotten”) [art. 17 of the EU Regulation]: : the person concerned has the right to erasure of the personal data relating to him/her without undue delay, if one of the grounds expressly provided for in the aforementioned article, including without limitation the lack of necessity of the processing with respect to the purposes, the revocation of the consent on which the processing is based, objection to the processing in case it is based on a legitimate interest that does not prevail, unlawful use of the data, cancellation required under law, data of minors processed in absence of the conditions for applicability provided for by art. 8 of the Regulation;
• right to limitation of the processing [art. 18 of the EU Regulation]: in the cases established by art. 18, including unlawful processing, complaint regarding the accuracy of such data, objection by the person concerned and the lack of necessity of the processing by the Data Controller, the data of the person concerned shall only be processed for conservation subject to his/her consent and the other cases expressly established by the mentioned article;
• right to the portability of the data [art. 20 of the EU Regulation]: the person concerned, in case the processing is based on consent or on a contract and carried out by automated means, may request to receive his/her personal data in a structured format, commonly used and readable on an automatic device, and has the right to transmit them to another Data Controller;
• right to object [art. 21 of the EU Regulation]: the person concerned has the right to object to the processing of this personal data, in case the processing is based on a legitimate interest that does not prevail or is carried out for direct marketing purposes;
• right not to be subject to automated decision-making processes [art. 22 of EU Regulation]: the person concerned has the right to not be subject to a decision, including profiling, based merely on automated processing (for example carried out exclusively by electronic instruments or computer programs).

The aforementioned description does not replace the text of the articles mentioned therein to which are referred in full and the full text of the EU regulation can be read at the following link

Right to lodge a complaint
The person concerned, should he/she feel that his/her rights have been compromised, has the right to lodge a complaint to the Italian Data Protection Authority, according to what is specified by mentioned Authority at the following Internet address:
http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.

For more detailed information regarding the rights of the persons concerned set out by the Guarantor, please refer to the following link.

---

Amendments and updates

This privacy statement shows the last update date in its header.

Calzavara S.p.A. may also make amendments and/or integrations to mentioned privacy policy also as a consequence of possible subsequent legislative amendments and/or integrations.

---

Regulatory references relating to the rights of the person concerned

Article 15
Right to access of the person concerned

1. The person concerned has the right to obtain confirmation from the Data Controller whether any such personal data is being processed and, in this case, to access the personal data and the following information:

a) the processing purposes;
b) the categories of the personal data in question;
c) the recipients or the categories of recipients to who the personal data have been or shall be communicated, especially if recipients of third counties or international organisations;
d) if possible, the planned conservation period of the personal data or, if this is not possible, the criteria used to determine such a period;
e) the existence of the right of the person concerned to request the Data Controller to rectify or erase personal data or to limit the processing of the personal data that concern him/her or to object to their processing;
f) the right to lodge a complaint to supervisory authorities;
g) in the event the data was not collected from the person concerned, all information available relating to their origin;
h) the existence of an automated decisional process, including profiling as set forth in article 22, paragraphs 1 and 4 and, at least in these cases, significant information relating to the logic used, as well as the importance and the consequences of such processing for the person concerned.

2. In the event the personal data is transferred to a third country or to an international organisation, the person concerned has the right to be informed of the existence of adequate guarantees pursuant to article 46 on transfer.

3. The Data Controller shall supply a copy of the processed personal data. In case the person concerned requests additional copies, the Data Controller may charge a reasonable fee based on administrative costs. If the person concerned presents the request via electronic means, and unless stated otherwise by the person concerned, the information shall be supplied in a commonly used electronic format.

4. The right to obtain a copy as laid down in paragraph 3 shall not affect the rights and freedoms of others.

Article 16
Right to rectification

The person concerned has the right to obtain rectification and/or integration of the inaccurate personal data relating to him/her by the Data Controller, without undue delay. Bearing in mind the purpose of the processing, the person concerned has the right to obtain integration of incomplete personal data, also by supplying a supplementary statement.

Article 17
Right to cancellation («right to be forgotten»)

1. The person concerned has the right to obtain erasure of the personal data relating to him/her by the Data Controller without undue delay and the Data Controller has the obligation to erase the personal data without undue delay, if one of the following grounds exists:

a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
b) the person concerned revokes the consent on which the processing is based in compliance with article 6, paragraph 1, letter a), or with article 9, paragraph 2 letter a), and if there is no other legal ground for the processing;
c) the person concerned objects to the processing in accordance with article 21, paragraph 1 and there is no legitimate ground that prevails to proceed to processing, or objects to the processing in accordance with article 21, paragraph 2;
d) the personal data has been processed unlawfully;
e) the personal data needs to be erased in order to fulfil a legal obligation established by the EU law or a Member State to which the Data Controller is subject;
f) the personal data is collected with regard to the offering of information society services referred to in article 8, paragraph 1.

2. The Data Controller, in the event he has made the personal data public and is obliged, pursuant to paragraph 1, to erase them, bearing in mind the available technology and the costs for the implementation, will adopt reasonable measures, also technical to inform the Data Controllers that they are processing the personal data on request of the person concerned to erase all links, copies or reproduction of his/her personal data.

3. Paragraphs 1 and 2 shall not apply to the extent in which the processing is necessary:

a) to exercise the right to the freedom of expression and information;
b) to fulfil a legal obligation which requires the processing established by the EU law or a Member State to which the Data Controller is subject or to carry out work in the public interest or in the exercise of official authority vested in the Data Controller;
c) for reasons of public interest in the public health pursuant to article 9, paragraph 2, letters h) and i) and of article 9, paragraph 3;
d) for public archiving, scientific or historic research purposes, or for statistic purposes in accordance with article 89, paragraph 1 to the extent in which the right under paragraph 1 may make it impossible or seriously affect the pursuit of the objectives of such processing; or
e) for the determination, execution or defence of a right before a court.

Article 18
Right to limitation of the processing

1. The person concerned has the right to obtain the limitation of the processing from the Data Controller in one of the following assumptions:

a) the person concerned disputes the accuracy of the personal data, for the time required for the data controller to verify the accuracy of such personal data;
b) the processing is unlawful and the person concerned objects to the erasure of the personal data but rather requests that the use of them is limited;
c) even though the data controller does not require them any more for processing purposes, the personal data is necessary for the person concerned in order to determine, exercise or defend a right before a court;
d) the person concerned has objected to the processing in accordance with article 21, paragraph 1 pending verification in relation to the prevalence of the legitimate grounds of the Data Controller with respect to those of the person concerned.

2. If the processing is limited in accordance with paragraph 1, such personal data is processed, with the exception of storage, only with the consent of the person concerned or in order to determine, exercise or defend a right before a court or to protect the rights of another natural or legal person or for reasons of relevant public interest of the EU law or a Member State.

3. The person concerned who has obtained the limitation of the processing in accordance with paragraph 1 is informed by the Data Controller before such limitation is revoked.

Article 19
Obligation to notify in case of rectification or cancellation of the personal data or limitation of processing

The Data Controller shall communicate all rectifications or cancellations or limitations of the processing to each of the recipients to whom the personal data has been transmitted in accordance with article 16, article 17, paragraph 1 and of article 18, unless this proves impossible or requires a disproportionate effort. The Data Controller shall communicate such recipients to the person concerned should the person concerned so request.

Article 20
Right to the portability of the data

1. The person concerned has the right to receive the personal data relating to him/her in a structured format, commonly used and readable on an automatic device, supplied to a Data Controller and has the right to transmit such data to another Data Controller without hindrance from the Data Controller to which he/she supplied them if:

a) the processing is based on the consent in accordance with article 6, paragraph 1, letter a), or with article 9, paragraph 2, letter a), or on a contract in accordance with article 6, paragraph 1, letter b): and
b) the processing is carried out with automated means.

2. In exercising his/her rights relating to the portability of the data in accordance with paragraph 1, the person concerned has the right to obtain the direct transmission of the personal data by one Data Controller to another, if technically feasible.

3. The exercise of the right to which refers paragraph 1 of this article does not affect article 17. Such a right does not apply to the processing necessary for the performance of a task in the public interest or in the exercise of official authority vested in the Data Controller.

4. The right referred to in paragraph 1 shall not affect the rights or the freedoms of others.

Article 21
Right to object

1. The person concerned has the right to object, at any time, for reasons relating to his/her particular situation, to the processing of the personal data relating to him/her in accordance with article 6, paragraph 1, letters e) and f), including profiling on the the basis of these provisions, the Data Controller shall abstain from further processing the personal data unless he demonstrates that there are relevant legitimate grounds to proceed to the processing which prevail on the interests, on the rights and on the freedoms of the person concerned or to determine, exercise or defend a right before a court.

2. In the event the personal data is processed for direct marketing purposes, the person concerned has the right to object at any time to the processing of the personal data relating to him/her for such marketing, including profiling to the extent in which it is connected to the direct marketing.

3. In the event the person concerned should object to the processing for direct marketing purposes, the personal data is no longer subject to the processing for those purposes.

4. The right referred to in paragraphs 1 and 2 is explicitly brought to the attention of the person concerned and is clearly and separately presented from any other information, at the latest at the time of the first communication with the person concerned.

5. In the context of the information society services and without prejudice to Directive 2002/58/EC, the person concerned may exercise his/her right to object by automated means which use technical specifications.

6. In the event that the personal data is processed for scientific or historic research purposes or for statistic purposes in accordance with article 89, paragraph 1, the person concerned, for reasons connected to his/her particular situation, has the right to object to the processing of the personal data relating to him/her, unless the processing is necessary in order to carry out a task of public interest.

Article 22
Automated decisional process relating to natural persons, including profiling

1. The person concerned has the right to not be subjected to a decision based merely on automated processing, including profiling, which produces legal effects concerning him/her or which affects this natural person significantly in the same way.

2. Paragraph 1 does not apply in the event in which the decision:

a) is necessary for the conclusion or the performance of a contract between the person concerned and the Data Controller;
b) is authorised by the EU law or of a member State to which the Data Controller is subject, which also specifies adequate measures for the protection of the rights, of the freedoms and of the legitimate interests of the person concerned;
c) is based on the explicit consent of the person concerned.

3. In the cases referred to under paragraph 2, letters a) and c), the Data Controller shall implement appropriate measures to protect the rights, the freedoms and the legitimate interests of the person concerned, at least the right to obtain human intervention by the Data Controller, to express his/her own opinion and to contest the decision.

4. The decisions referred to under paragraph 2 are not based on the particular categories of personal data as laid down in article 9, paragraph 1, unless article 9, paragraph 2, letters a) or g) are applicable and there are no adequate measures in force to protect the rights, the freedoms and the legitimate interests of the person concerned.