COOKIE POLICY

This information to data subject governs how the personal information you provide by using the website at www.toosh.it/en, is processed by Iltex S.r.l., with registered office in Via Gabrio Serbelloni, 14  -  20122 Milano (MI), VAT number 13169870154 , email info@iltexsrl.com, hereafter the “Controller”, in accordance with current laws on data protection, in particular EU Regulation 2016/679 (hereinafter “GDPR”).

1. Identità e dati di contatto del titolare del trattamento

The Data Controller is Iltex S.r.l.

As the Controller is headquartered in Italy, no representative has been appointed.

2. Data protection officer’s contact information

The Controller has not appointed a data protection manager.

3. Data processing methods

3.1 Cookies and environmental data

3.1.1 TECHNICAL COOKIES

  • Browser, functional, session cookies: These permit the site to function properly. The use of session cookies (which are not permanently stored on the data subject’s device and are automatically deleted when the browser is closed) is strictly limited to transmitting identification information for single sessions, and the cookies are utilized to permit secure and efficient use of the site.
  • Statistical cookies: The site uses statistical cookies created directly by the Controller internally, or provided by third parties. In the latter case, appropriate steps have been taken to make identification less likely, including by masking significant portions of the IP addresses handled this way. The use of these third party statistical cookies is also subject to contractual restrictions that require the third party to use them solely to provide the service, to store them separately, and not to “enrich” them or “cross-reference” them with other available information. With specific regard to Google Analytics cookies, the information obtainable from these cookies on how users are utilizing the site will be transmitted from the data subject’s browser to Google Inc., with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, and filed with that company’s servers.

Google’s privacy provisions, which we ask you to read, are available at the following address: http://www.google.com/intl/it/privacy/privacy-policy.html Privacy information on Google Analytics services is available at the following address: http://www.google.com/intl/en/analytics/privacyoverview.html

  • Browser data and environment variables: During their normal operation, certain IT systems and procedures responsible for site functioning automatically acquire personal data related to the data subject’s browsing, including environment variables. Examples of this category of data include:
  • The IP addresses of the computers of those who utilize the services;
  • Number of accesses;
  • Pages viewed;
  • Date and time of access;
  • The URL where the browser was before viewing our page;
  • The type of browser;
  • The operating system used.

3.1.2 NON-TECHNICAL COOKIES

  • Profiling cookies: The site uses profiling cookies provided by third parties, as it follows.

 

Delete and deactive cookies

As cookies are normal text files, is it possible to access them using text processing programa. In each case is possible to configure your browser in order to prevent it from processing cookies.

Delete/deactivate cookies using Firefox:

http://support.mozilla.com/it/kb/Eliminare%20i%20cookie

Delete/deactivate cookies using Edge:

https://support.microsoft.com/it-it/help/4027947/windows-delete-cookies

Delete/deactivate cookies using Chrome:

http://support.google.com/chrome/bin/answer.py?hl=it&answer=95647

Delete/deactivate cookies using Safari:

https://support.apple.com/kb/ph21411?locale=it_IT

3.1.3 SOCIAL PLUG-IN

This type of service permits interactions with social networks or other external platforms directly from Data Controller webpages. The interactions and information acquired by Data Controller are in all cases subject to the individual user’s privacy settings for each social network. If a service for interacting with social networks is installed, it is possible that, even if the service is not used, it may collect data traffic related to the pages on which it is installed.

- Facebook

The “Like” button and Facebook social widgets are services for interacting with the Facebook social network, provided by Facebook, Inc. Personal data collected: cookies and usage data. Place of processing: USA – Privacy (https://www.facebook.com/privacy/explanation);

- Instagram

The Instagram social widgets are services for interacting with the Instagram social network, provided by Instagram Inc., a service of Facebook Inc. Personal data collected: cookies and usage data. Place of processing: USA - Privacy (https://help.instagram.com/519522125107875);

3.2 Data provided voluntarily by the data subject

The data optionally and freely provided by the data subject, by sending e-mails to the addresses found on the site, may be acquired and processed for legitimate interest of the Data Controller in order to reply to data subject’s requests. In particular, in addition to the email address required to reply to the sender, any other personal data contained in the related communication or provided for by the data subject in the specific form will be processed. The Data Subject is invited to not enter special category data (for example data concerning their health) in the communications that will be sent to the Data Controller. The data collected this way will be stored and processed for legitimate interest of the Data Controller, in order to use the services available on the website. Such data will be collected and stored only for the purpose of storing the correspondence, replying to the data subject and for anonymized statistical analysis. They will not be used for other purposes.

4. Purposes of the processing and legal basis

In relation to cookies of a technical nature referred to in point 3.1.1. and to navigation data, the processing of the data subject’s personal data is carried out in order to enable proper use of the website; use of the data is necessary for navigation on the website. In this case the legitimate interest of the data collector is the legal basis of the processing In relation to non technical cookies set forth in point 3.1.2, the processing of personal data allows the Data Controller to provide a personalised browsing experience through profiling. In this latter case, consent of the data subject will be the legal basis for the processing, expressed in compliance with the applicable law.

5. Consent expression modalities

The consent for processing of personal data through technical cookies could be expressed by clicking on a specific box available inside the banner. 

6. Source from which the personal data originates

Only the data provided by means of this information to data subject will be processed and collected on the website or through the email sent by the data subject. No personal data originating from public sources will be processed.

7. Recipients and possible categories of personal data recipients

The personal data of the data subject may be sent to:

  • Communication companies which carry out commercial communication and profiling activities on behalf of the Data Controller, as data processor;
  • Companies that offer services related to the information society, including, in particular, those that offer hosting services. 

8. Data categories

The personal data of the data subject will be processed.

9. Data transfer

The Data Controller intends to transfer personal data to another country or to an international organization. These subjects could include, by way of example:

  • Communications companies, which carry out communication activities on behalf of the Data Controller;
  • Companies that offer services related to the information society, including, in particular, those that offer hosting services;
  • Communication service providers;

The transfer of personal data to such subjects, if they are established in another country or are an international organization, will be carried out only if it is considered adequate by the European Commission, which will verify that the other country, the area or one or more specific sectors within the other country or the international organization in question can guarantee an adequate level of protection of the Data Controller’s rights. In any case, the Data Controller – if they deem it necessary – reserves the right to reach specific separate agreements that will oblige these subjects to adopt adequate security and organizational measures, aimed at appropriately guaranteeing the Data Controller’s rights. Google Inc., in particular, is contractually bound to ensure appropriate protection of the Data Controller’s rights. The data can be transferred to the following countries: United States of America. To obtain a copy of this data or information about the place where it was made available, simply send a request to this address: info@toosh.it

10. Retention period of personal data

Personal data processed and stored for all the purposes referred to in this document will be processed and stored for a period that shall not exceed 12 months, starting from the date of the individual collection; In any case, the Data Controller reserves the right to request the data subject to renew their consent to the processing and/or to verify the consent previously expressed.

11. Optional nature of consent and consequences of non-consent

In relation to personal data processed through technical cookies, in order to allow proper use of the website, the communication of personal data is not a contractual obligation in relation to technical cookies, but is based on the legitimate interest of the data controller, since a fully functional website could not be made available without this treatment. Consent is optional for non-technical cookies. In this case, failure to communicate these data will simply make it impossible to provide personalized service. For data provided voluntarily via email or format, personal data processing makes it possible to respond to data subjects’ requests. The Controller’s legitimate interest in responding to data subjects constitutes the legal basis for processing.

12. Rights of the data subject

12.1 Right to object

The Data Subject has the right to object, at any time and for reasons connected with their particular situation, to the processing of personal data concerning him/her, pursuant to Article 6, paragraph ,1 letters e) or f) of the GDPR, including profiling on the basis of these provisions. The Data Controller will refrain from further processing personal data, unless they are able to demonstrate the existence of compelling legitimate reasons for proceeding with the processing, which prevail over the interests, rights and freedoms of the Data Subject, or if they need to assess, exercise or defend one of their rights in court;

12.2 Other rights

The Data Controller also wishes to inform the Data Subject of the following rights:

  • Right of the Data Subject to access data: the data subject has the right to obtain confirmation from the Data Controller of whether or not their personal data is being processed at that time and, in that case, to obtain access to their personal data and to specific information, in accordance with Article 15 of the GDPR;
  • Right of rectification: the data subject has the right to obtain the correction of inaccurate personal data concerning them from the Data Controller, without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, and to provide an additional declaration, in compliance with article 16 of the GDPR;
  • Right to delete data, including the right to withdraw consent: the data subject has the right to obtain the deletion of personal data concerning them by the Data Controller, without undue delay, and the Data Controller is obliged to cancel the data without undue delay; the Data Subject also has the right to withdraw their consent, if the reasons set out in article 17 of the GDPR apply; in this case, the right of revocation can be exercised at any time without undermining the lawfulness of the treatment based on the consent given prior to the revocation;
  • Right to limit processing: the data subject has the right to obtain a limitation of the processing from the Data Controller, when the hypotheses defined by article 18 of the GDPR apply;
  • Right to data portability: the data subject has the right to receive, in a format which is structured, in common use and can be read on an automatic device, the personal data concerning him/her that were provided to the Data Controller, and has the right to transmit this data to another data controller without impediment by the Data Controller, in the cases and under the conditions specified by article 20 of the GDPR.

13. Exercising these rights

Requests to exercise the rights indicated in this document must be addressed directly to the Data Controller at the following email address info@toosh.it. Alternatively, you can exercise your rights by sending a communication via registered mail to or the following address.

14. Information to data subject accessibility

This information can be accessed at the address https://www.toosh.it/privacy-policy, as well as from the Data Controller. If expressly requested, the information may also be provided orally, provided that the identity of the applicant has been attested, by means of a telephone request addressed to the Data Controller.

15. Privacy e newsletter

If the data subject has agreed, through a consent flag, to receive commercial communications, his or her data will be processed in order to send direct marketing communications, newsletters, advertising materials, and market surveys, via traditional contact systems and automated IT systems, including commercial or promotional messages via email or text message; the legal basis for this is the data subject’s consent, expressed in accordance with this information to data subject. In this case, there is no contractual obligation to provide personal data. The data subject has the discretion to provide personal data, but if this data is not provided, it will not be possible to engage in any marketing activity. Personal data thus processed are stored for no more than 24 months after the date of the individual collection.

The data controller states that he received the proper information to data subject and to express a freely given, specific, informed and unambiguous consent in relation to:

- the purpose of the processing set forth in point 4 of this infromation to data subject for the processing of personal data and for profiling activities; [checkbox yes/no]

- the purpose of the processing set forth in point 15 of this infromation to data subject in order to receive commercial communications. [checkbox yes/no]