Notice on the processing of our website users’ personal data, issued in accordance with art. 13 of Regulation EU 679/2016.
In accordance with the provisions of the Regulation, Vitrum srl will process data based on the principles of legitimacy, fairness, transparency, limited purpose and retention, data minimization, accuracy, integrity and confidentiality, as well as the accountability principle referenced in art. 5 of the Regulation.
- DATA CONTROLLER
Vitrum srl, with registered address in Milan, at no. 16 Via Carlo Ilarione Petitti (hereinafter “Vitrum” or “Controller”) constantly strives to protect the online privacy of its website users. We therefore invite you to carefully read this privacy notice, which contains important information on the protection of personal data, before providing any Personal Data to the Controller.
- PERSONAL DATA SUBJECT OF PROCESSING
The personal data we process might consist of identification data such as a name, identification number, location data, online user name, or one or more elements that either characterize the physical or business identity of the user or make it identifiable, depending on the type of service requested.
More specifically, the personal data processed though this Website are the following:
- a) Navigation data
During their normal operating routine, the IT systems and software used to ensure the functionality of this Website automatically acquire web navigation data, transmission of which is inherent to the use of internet communication protocols. The data, although not collected for the purpose of being associated with anyone in particular, by their very nature could be associated and combined with data processed by third parties, and thereby be used to identify users or those who navigate the website. This data category includes information on the IP address, the domain names of computers by which uses connect to the website, the requested resource Uniform Resource Identifier (URI) address, time of the request, method used to submit the request to the web server, the reply file size, numerical code indicating the web server reply status (successful, error, etc.) and other parameters pertaining to the user’s operating system and IT environment. These types of data are solely used to collect anonymous information for website usage statistics and to verify its functionality, identify malfunctions and/or instances of abuse, and are deleted immediately after being processed. Data may also be used to ascertain liability in case of cybercrimes committed against the Website or third-parties.
- b) Data collected by means of cookies
What are cookies?
Cookies are small data units that are stored on your device by the web sites you visit. Their purpose is to recognize the device you used to access the website. A cookie usually contains the name of the server it was sent from, expiry date and a randomly generated unique ID. Cookie expiry date depends on the type of the cookie. “Session” cookies are stored for the duration of a single online session, while “persistent” cookies are stored until they expire or are deleted by the user.
Cookies and similar technologies help web site operators to provide more user-friendly online services and ensure improved web site performance. Mandatory cookies that are required for correct operation of web sites and functionalities enable delivery of user-friendly online services (e.g. user identification, login, etc.) and ensure that your account is protected.
Cookies are used to store information about language selection, the tab you are currently viewing, font size, language, etc. Session cookies are usually deleted immediately after you close your browser. Cookies for improving web site performance are designed to log browsing history and the interaction with the web site, which enables us to improve the web site design and user experience.
What are third-party cookies used?
Google Analytics Cookies
|Cookie name||Type of cookie||Description / Purpose|
|_ga||persistent cookie||It allows you to track the sharing of the contents|
|_gat||persistent cookie||It allows you to track the sharing of the contents|
|_gid||persistent cookie||It allows you to track the sharing of the contents|
Cookie from Google Maps, YouTube e other Google services
The website uses Google Services as Google Maps and YouTube. Cookies are identified as:
|Cookie name||Type of cookie||Description / Purpose|
|1P_JAR||persistent cookie||Stores the preferences and information of users each time they visit web pages containing a Google service|
|APISID||persistent cookie||Stores the preferences and information of users each time they visit web pages containing a Google service|
|CONSENT||persistent cookie||Stores the preferences and information of users each time they visit web pages containing a Google service|
|HSID||persistent cookie||Stores the preferences and information of users each time they visit web pages containing a Google service|
|NID||persistent cookie||Stores the preferences and information of users each time they visit web pages containing a Google service|
|S||persistent cookie||Stores the preferences and information of users each time they visit web pages containing a Google service|
|SAPSID||persistent cookie||Stores the preferences and information of users each time they visit web pages containing a Google service|
|SID||persistent cookie||Remember the preferences of the user settings (eg zoom level set)|
|SIDCC||persistent cookie||Remember the preferences of the user settings (eg zoom level set)|
|SSID||persistent cookie||Remember the preferences of the user settings (eg zoom level set)|
|TjPui.resume||persistent cookie||Youtube cookie to verify user preferences|
|VISITOR_INFO1_LIVE||persistent cookie||This cookie is being used for playing a youtube video|
|YSC||persistent cookie||This cookie is being used for playing a youtube video|
How to manage cookies on your personal computer?
Regardless of your decision, you may change your cookie settings (allow, limit, disable) at any time through relevant web browser settings. In order to use these functionalities, follow the instructions for the web browser you are using:
For more information
For more information about cookies:
- DATA PROCESSING PURPOSES
The users’ personal data will be processed for the following purposes:
3.1 to enable navigation of the Website and provision of related services by the Controller, which include managing website security
3.2 to fulfill obligations set-forth by the prevailing laws, local or European Community rules and regulations, or to satisfy requests from regulatory Authorities
3.3 to prepare statistics, without possibility of personally identifying any specific user
3.4 to send newsletters and marketing materials regarding services offered by Vitrum directly to the user via e-mail and/or telemarketing calls.
Specific security measures have been implemented to prevent any loss, illicit or improper use, and unauthorized access to data.
- LEGAL GROUNDS FOR PROCESSING
Art. 6.1 b) of the Regulation constitutes legal grounds to process personal data for the purposes stated in section 3.1.
Art. 6.1 c) of the Regulation constitutes legal grounds to process personal data for the purposes stated in section 3.2. Although the provision of personal data for these purposes is optional, lack thereof might make it impossible to access certain services. Please note that, since no personal data is involved, the Controller is free to perform the data processing activities specifically referenced in section 3.3. Art. 6.1 a) of the Regulation constitutes legal grounds to process personal data for the purposes stated in sections 3.4 and 3.5, which are subject to obtaining the users’ consent. This last is optional, and you are free to revoke it at any time without repercussions.
- SHARING OF PERSONAL DATA
Once collected, personal data might be shared with:
5.1 subjects who typically act as data processors, pursuant to art. 28 of the Regulation
5.2 subjects, entities or authorities entitled to receive personal data by virtue of legal provisions or by order of the competent Authorities.
5.3 individuals authorized by the Controller, pursuant to art. 29 of the Regulation, to process personal data as necessary to perform activities strictly pertaining to the provision of services, and who have undertaken to keep the data confidential or are otherwise legally bound to do so.
The updated list of subjects who may process personal data in their capacity of data processors can be obtained from the registered office of Vitrum.
- TRANSFER OF PERSONAL DATA
With regard to transferring data to Countries outside the European Economic Area, the Controller hereby gives notice that processing will take place in abidance of the procedures set-forth by the prevailing laws, including those pertaining to user consent, the adoption of Standard Clauses approved by the European Commission, the selection of subjects participating in international programs for the free movement of personal data. (e.g. EU-USA Privacy Shield) or operating in Countries the European Commission deemed able to adequately protect data. Additional information is available upon request from the Controller, at the above listed registered address.
- RETENTION OF DATA
Personal data processed for the purposes referenced in section 3 will be retained only for the time necessary to achieve said purposes.
Additional information on the personal data retention period and the criteria used to determine it can be obtained by sending a written request to the Controller, at the address listed in the “Contacts” section of this notice.
In any case, the Controller is entitled to retain your personal data to protect its own interests for the period of time allowed by Italian Law (Civil Code art. 2947).
- DATA SUBJECTS’ RIGHTS
Pursuant to article 15 and subsequent of the Regulation, data subjects are entitled, at any given time, to ask Vitrum for access to their Personal Data, correction or deletion thereof, oppose its processing, restrict processing in the cases set forth by art. 18 of the Regulation, as well as receive their personal data in a structured, commonly used, legible format for automatic devices in the cases set forth by article 20 of the Regulation.
In any case, pursuant to article 77 of the Regulation, data subjects retain the right to file a complaint with the competent Personal Data Protection Authority (Garante per la Protezione dei Dati Personali) whenever they deem their Personal Data has been processed in violation of the prevailing regulations.
The Controller reserves the right to entirely or partially change or simply update the content of this privacy statement also pursuant to changes in the applicable regulations. The Controller therefore invites its users to visit this section regularly, read the most recently updated version of the privacy statement and thereby remain aware of the personal data being collected and how they are used by Vitrum.
To exercise the rights mentioned above or for any other type of request, please write to the Controller at the registered address listed above, or send an e-mail to the dedicated contacts at email@example.com, preferably indicating “Request to exercise privacy rights” (“Richiesta esercizio diritti privacy”) on the subject line.