Cookie Policy

PRIVACY AND COOKIE POLICY

This policy provides users of this portal (from now on, “Portal“) with the information required by art. 13 of Reg. (EU) n. 2016/679 (hereinafter referred to as “GDPR“), accordingly with art. 122 of Legislative Decree 196/2003 (hereinafter referred to as “Privacy Code“) and  Decision of Italian Data Protection Authority of 8 May 2014, “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies“, as supplemented by “Guidelines on the use of cookies and other tracking tools” of 10 June 2021 (hereinafter referred to as “Decision“).

  1. Identity and contact details of the data controller

The data controller is Amilon S.r.l., C.F. and P.IVA 05921090964, with registered office in via Natale Battaglia n. 12, Milan, e-mail address [email protected] (from now on, “Data Controller” or “Amilon”).

  1. Contact details of the Data Protection Officer (DPO)

The DPO can be contacted at the e-mail address [email protected].

  1. Types of data processed

a.Navigation data

The computer systems and software procedures used to operate the portal acquire, during their regular operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment.

These data, necessary for the use of web services, are also processed to:

  • allow access to the portal and the use of the relative functionalities;
  • to allow and monitor the correct functioning of the portal and carry out maintenance activities
  • obtaining anonymous statistical information on the use of the portal;
  • to ascertain possible responsibilities in case of hypothetical computer crimes against the portal and to exercise and/or defend the Controlle
  • rights.

The legal bases of the processing carried out for the above purposes are the execution of a contract to which the interested party is a party and the pursuit of the Controller’s legitimate interest.

b. Data provided voluntarily by the user

To benefit from certain services on the portal it is necessary to provide personal data. Please refer to the specific information provided at the time of collection.

c. Information processed through cookies

The portal uses cookies.

What are cookies?

Cookies are small text files sent to the user’s terminal equipment (usually to the user’s browser) by the websites the user visits; they are stored in the user´s terminal equipment to be then re-transmitted to the websites on the user’s subsequent visits.

Types of cookies

In general, there are three different ways to classify cookies: their provenance, how long they endure, what purpose they serve.

First party and third party cookies

Unlike first-party cookies, which are put on your device directly by the website you are visiting, third-party cookies are placed on your device by a third party (like an advertiser or an analytic system).

Permanent and session cookies

Session cookies are temporary and expire once you close your browser (or once your session ends).

Persistent cookies remain on your hard drive until you erase them or your browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary.

Technical, analytical and profiling cookies

Depending on the purpose, cookies can be divided into technical cookies and profiling cookies.

Technical cookies are stored for the sole purpose of “carrying out the transmission of a communication over an electronic communication network or as strictly necessary for the supplier of an information society service explicitly requested by subscriber or user to provide the service” (see Art. 122, paragraph 1 of Privacy Code).

They are essential for you to browse the websites and use its features, such as accessing secure areas of sites (so-called “essential” or “strictly necessary”). They allow a user to navigate back and forth between pages without losing their previous actions from the same session. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies.

This category includes also “references cookies” (also known as “functionality cookies”), which allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your username and password are so that you can automatically log in.

Statistics” or “analytical cookies (also known as “performance cookies”) collect information about how you use a website, which pages you visited and which links you clicked on in order to improve website functions.

Pursuant to the art. 122, paragraph 1 of the Privacy Code, technical cookies do not require consent, but it should be explained to the user what they do and why they are necessary or useful.

Pursuant to the Decision, analytical cookies are equivalent to technical cookies (and, therefore, users’ consent is not required) if:

  1. are stored directly exclusively by the owner of the visited website with the purpose to collect aggregated information on the number of users and how they visit the website, or
  2. created and made available by third parties if:
    1. used by the first party for merely statistical purposes, where the ability to identify users is reduced (for example, through hiding significant portions of the IP address) and such data are processed just for make aggregate statistics in relation to a single site or a single mobile application (so there is no tracking of the navigation of the user on different applications or navigating different websites);
    2. such third parties, who provide the web measurement service, do not combine, enrich or cross-reference the data, even minimized as above, with other information available to them (e.g. customer files or statistics of visits to other sites) or transmit them to other third parties.

“Profiling” or “marketing” cookies are used to track your on line activity and behaviour for marketing purposes. They allow advertisers to create profiles of users’ preferences, habits, choices, etc. in order to deliver them targeted advertising.

These kinds of cookies can be stored on the users’ device only after they have given their consent.

Uses must be able to access the websites even if they refuse to allow the use of profiling cookies.

List of cookies and other tracking tools used by the Portal

Technical cookies

The Portal uses cookies or other technical tools installed for the purposes indicated below, for which the prior consent of the users is not required pursuant to art. 122 of the Privacy Code.

Below, the name, purpose of use, the first or third party to which it refers and duration are reported for each cookie used.

NAME FIRST/THIRD PART DESCRIPTION (PURPOSE) DURATION
private_content_version First-party (Domain: monexia.eu) Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server. 10 years
section_data_ids First-party (Domain: monexia.eu) Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc. 1 hour
PHPSESSID First-party (Domain: .giftiamo.com) Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages. 1 hour
mage-cache-sessid First-party (Domain: monexia.eu) The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the Admin cleans up local storage, and sets the cookie value to true. 1 hour
form_key First-party (Domain: .giftiamo.com) This cookie is used to facilitate content caching on the browser to make pages load faster. 1 hour
login_redirect First-party (Domain: .giftiamo.com) Cookie generated by Magento 1 hour
TCPID First-party (Domain: .giftiamo.com) Used to identify visitors exposed to the privacy banner. TrustCommander uses this cookie to measure statistics for privacy banner usage until visitors provide consent for the TCID cookie. 1 year
last_visited_store First-party (Domain: .giftiamo.com) Cookie generated by Magento 1 hour
X-Magento-Vary First-party (Domain: .giftiamo.com) X-Magento-Vary cookie is used by Magento 2 system to highlight that version of a page requested by a user has been changed. It allows having different versions of the same page stored in cache session

Anonymized analytical cookies

The Portal uses analytical cookies created and made available by third parties to statistically analyze accesses or visits to the Portal itself, to allow the Controller to improve the structure, navigation logic and content and to collect information on the use of the Portal.

For more details and information you can visit the following link:https://support.google.com/analytics/answer/1011397

These cookies, suitably anonymized (by masking significant portions of the IP address), allow the collection of aggregate information on the number of users and how they visit the portal without being able to identify the individual user. Therefore, the prior consent of users is not required, in accordance with the provisions of the Measure.

NAME FIRST/THIRD PART DESCRIPTION (PURPOSE) Expiration
_ga First-party (Domain: .giftiamo.com) This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. 2 years
_gid First-party (Domain: .giftiamo.com) This cookie is set by Google Analytics. It stores and update a unique value for each page visited and is used to count and track pageviews. 1 day
_gat First-party (Domain: .giftiamo.com) This cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate – limiting the collection of data on high traffic sites 1 minute

Below, for each analytical cookie used, the name, the first or third party to which it refers, the purpose of use and duration are reported.

  1. Provision of data

Without prejudice to what has been indicated above regarding cookies and similar markers used on the Portal, navigation data are necessary to carry out computer and telematic protocols.

The interested party remains free to give consent or not to give consent to profiling through the tracking tools mentioned above.

  1. Recipients

The processing of data related to the web services of the Portal is carried out by personnel expressly authorized to do so and who have received adequate operational instructions.

The data may be communicated to public authorities.

Where data is transferred to countries outside the European Union (EU) or the European Economic Area (EEA) that have not been deemed adequate by the European Commission, the “transfer tools” referred to in Article 45 of the GDPR will be used, evaluating the possible provision of “supplementary measures” to ensure a level of protection substantially equivalent to that required by EU law. For more information, see the links to the privacy policy of the third parties indicated in the table.

  1. Procedures for granting and revoking consent for the installation of profiling cookies

The profiling cookies will be installed on your devices only after consent, expressed by selecting the “Accept” button in the banner containing the short information. Consent to the use of cookies is recorded with a special “technical cookie”.

You can always change your choice and, in particular, revoke the consent previously given, by clicking on “Cookie settings” at the bottom of each page of the Portal.

It is understood that where the user clicks on “Technical cookies only”, no profiling cookies will be installed.

Users may, however, express their options on cookies also through the settings of the browser used. Even if the web browser used by the user is set to automatically accept cookies, the user can modify the default configuration through the settings menu, deleting and/or removing all or some cookies, blocking the sending of cookies or limiting it to certain sites. Disabling, blocking cookies or deleting them may compromise the optimal use of certain areas of the Portal or prevent certain features of the same, as well as affect the operation of third party services.  Below are the links to the guides to cookie management for the main browsers:

For browsers other than those listed above, it is necessary to consult the relevant guide to identify how to manage cookies.

  1. Data subjects’ rights

Data subjects may exercise their rights under the GDPR by sending an e-mail to [email protected]. In particular, in addition to what is pointed out in the previous paragraph, they have the right:

  • to obtain the confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access the data concerning them in accordance with Article 15 GDPR,
  • to obtain the rectification of inaccurate data,
  • to have incomplete data completed,
  • to obtain the erasure of data in the cases provided for by Article 17 GDPR (“right to be forgotten”),
  • to obtain restriction of processing in the cases provided for by Article 18 GDPR,
  • to object, at any time, on grounds relating to their own particular situation, to the processing carried out in the legitimate interest of the Controller,
  • where the processing is based on consent or contract and is carried out by automated means, to receive the data in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (“right to data portability”);
  • to lodge a complaint with the competent supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement.