Legislation regulating the use of so-called “cookies” and other similar means on user terminals (personal computers, notebooks, tablets, smartphones, etc.) has been amended following the implementation of Directive 2009/136/EC, which has introduced changes to the Directive 2002/58/EC, known as the “E-Privacy” Directive. This new Directive has been approximated in Italy by Legislative Decree no. 69 of 28 May 2012, which in turn introduced changes to Legislative Decree no. 196 of 30 June 2003, “Personal Data Protection Code”. In particular, the Italian Data Protection Authority has issued specific general guidelines, dated 8 May 2014 (“Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies”). These guidelines specify that:
Technical cookies are those used exclusively with a view to “carrying out the transmission of a communication on an electronic communications network, or insofar as this is strictly necessary to the provider of an information society service that has been explicitly requested by the contracting party or user to provide the said service” (see Section 122(1) of the Code).
They are not used for further purposes and are usually installed directly by the data controller or the website manager. They can be grouped into browsing or session cookies, which allow users to navigate and use a website (e.g. to purchase items online or authenticate themselves to access certain sections); analytics cookies, which can be equated to technical cookies insofar as they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website; functional cookies, which allow users to navigate as a function of certain pre-determined criteria (such as language or products to be purchased) so as to improve the quality of service.
Users’ prior consent is not necessary to install these cookies, whilst information under Section 13 of the code has to be provided in the manner considered to be most appropriate by the website manager, only if such cookies are relied upon.
What are cookies?
Cookies are files that may be stored on the user’s computer (or other devices capable of browsing the web, for example smartphones and tablets) when the user visits a website. Typically a cookie contains the name of the website it derives from, and details of its so-called “lifespan” (i.e. how long it will remain on the user’s device).
Cookies that are essential for website functioning
Users can disable cookies at any time by modifying their browser settings, however by doing so, access to some parts of the site may be slower or unavailable.
Cookies are in fact required to use the site and its services, including the purchase of items. If these are disabled, Controlfluid srl cannot guarantee that items selected during online purchasing operations, where present, will be saved or displayed, and items may not be added to the user’s basket.
How to change the browser settings
Usually, the browser settings are quite easy to change, as explained below:
• select Internet Options or Preferences from the Tools or Display or Settings menu;
• select Privacy or Protection or Download Files and select the preferred settings.
Further instructions are available at the website pertaining to the user’s browser.
Cookies used for analysis of aggregate information on website visits
Controlfluid srl, as data controller, uses tools to analyse aggregate information on website navigation that can be used to improve the site, (Google Analytics). In particular, Google Analytics, a system provided by Google Inc., uses temporary cookies that are stored on the user’s computer to allow the website manager to analyse how users navigate the site. These cookies are used to record information, for example the time the current visit started, any previous visits to the site by the same visitor, and the site that has pointed the user to the page; Google does not use this information to send targeted advertising. In any case, browsers do not share proprietary cookies between different domains.
Google does not associate your IP address with any other data in its possession, nor does it attempt to identify a user from an IP address. Google may transfer this information to third parties where this is allowed for by law or when such third parties process the above-mentioned information on behalf of Google.
Data subject’s rights
Controlfluid srl emphasises that Italian legislative decree 196/03 affords data subjects specific rights relating to the processing of their personal data. In particular, users have the right to be informed by the data controller or persons in charge of processing as to whether or not personal data concerning them exist, and communication of such data in intelligible form. Data subjects likewise have the right to be informed of the source of the personal data and the logic applied to the processing, as well as to obtain erasure, anonymization or blocking of data that have been processed unlawfully; updating, rectification or, where interested therein, integration of the data; and to object, on legitimate grounds, to the processing of their personal data.