This policy is supplied in compliance with art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the so-called “General Data Protection Regulation” or “GDPR”), currently also used outside the European Union as a high standard for the protection of data. The policy is supplied by:
ECSA Chemicals AG, registered office in CH-9230 Flawil, Burgauerstrasse, 17, CHE-143.818.564, represented by the legal representative pro tempore, as the Controller, and ECSA Italia s.r.l., registered office in 20832 Desio (MB), via Lavoratori Autobianchi, 1, tax code and VAT registration number 00222470130, represented by the legal representative pro tempore, as Joint controller (hereinafter referred to as “Joint controllers”), on the basis of the joint controller arrangement set out in art. 26, GDPR (the essential content of such regulation is available to you), of the personal data (browsing data) collected when the User is browsing the web site and using the services and/or functions of the web site.
What are cookies?
Cookies are small text files, generally consisting in letters and/or numbers, that are sent from a visited web site and saved by the software (e.g. web browser) that is installed on the device the User is browsing from. Cookies are sent back to that web site the next time the User visits it.
Cookies are used to store information on the User’s visit to a web site. They are a very useful piece of technology, because they allow web sites to work (making them more efficient) and provide web site managers with useful information. Without cookies (or similar technologies), web sites would be unable to “remember” information on visitors, such as which and how many items are in the shopping cart or if the User has logged in or not.
Cookies can be classified according to:
- duration (session cookies or persistent cookies);
- origin (first-party cookies or third-party cookies);
- purpose (technical, analytics or profiling cookies).
Cookies that are erased at the end of a browsing session (usually when the User closes the browser) are called session cookies. They are useful for saving a User’s purchase order or for security purposes, e.g. when accessing a personal Internet banking or webmail account.
Cookies that are stored for longer periods of time (between sessions) are called persistent cookies and they are used, among other things, to remember user preferences or for targeted advertising.
The definition of “first party” or “third party” cookies is based on the web site or dominion that installs the cookies. First-party cookies are installed directly by the web site the User is visiting, whereas third-party cookies are installed by a dominion that is not the one the User is visiting, e.g. if the web site contains elements from other web sites, such as images, social media plug-ins or adverts.
It must be specified that the purposes cookies are usually used for can be executed by other, similar technologies, including some functions that enable the identification of devices so that visits to a web site can be analysed. This policy applies to any technology that saves or accesses information present in the User’s device.
What are the purposes of the cookies used in this web site?
Based on purpose, the cookies installed in this web site can be divided into technical cookies, analytics cookies and profiling cookies.
Technical cookies are required for the web site to work correctly because they enable functions that help Users to browse, e.g. allowing them to access their profile without logging in every time or to choose a language for browsing without having to select it each time.
Technical cookies are considered strictly necessary, because saving information is essential to supply a service requested by the User. Technical cookies cannot therefore be disabled and the prior consent of Users is not required for their installation.
Analytics cookies, which can be first party or third party, are installed to gather information on the use of a web site. Specifically, they are useful to statistically analyse access or visits to the web site and to allow web site owners to improve its structure, browsing logic and contents. The collected information is used to carry out statistical analyses in order to improve the use of the web site and, eventually, to make the contents more interesting and closer to the User’s wishes. Analytics cookies are not necessary for the web site to work, so consent is required from the Users before installation.
Profiling cookies, which can be first party or third party, are used to track User browsing, analyse their behaviour for marketing purposes and to create a profile of their tastes, habits, choices, etc. In this way it is possible to send ads targeted to the User’s interests and in line with the preferences shown by them when they browse online. Profiling cookies include social media cookies. They can only be installed if the User has given consent.
Below is information on the various cookies installed from the web site, including name, type, purpose of use, duration, if first party or third party.
How are cookie preferences managed?
Users can express their cookie preferences through the settings in the browser they use. Almost all browsers are set to accept all cookies by default, but Users can change the default configuration through the browser’s settings, which can be used to delete/remove some or all cookies, block cookie downloads or limit downloads to some web sites only.
Disabling/blocking cookies or deleting cookies could cause some parts of the web site to function incorrectly or block some functions. It may also affect the services of third parties.
The configuration for cookie management depends on the browser used.
Below are the instructions and links to the guides for cookie management in the main desktop browsers:
- Google Chrome: click on the three-dot icon in the top right corner and go to “Settings”. Select “Advanced” and in the “Privacy and security” section, click on “Site Settings”. Adjust cookie settings by selecting “Cookie and other site data”. Below is the link for more information:https://support.google.com/chrome/answer/95647?hl=it&p=cpn_cookies%20https://support.google.com/accounts/answer/61416?hl=it
- Mozilla Firefox: click on the three horizontal line icon in the top right corner and select “Options”. In the window, select “Privacy and security” to manage cookie settings. Below is the link for more information:https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
- Microsoft Edge: click on the three horizontal dot icon in the top right corner and select “Settings”. In the window, select “Privacy and security” to manage cookie settings. Below is the link for more information:https://privacy.microsoft.com/it-it/windows-10-microsoft-edge-and-privacy
- Microsoft Internet Explorer: click on the gear icon in the top right corner and select “Internet Options”. In the window, select “Privacy”, “Advanced” to manage cookie settings. Below is the link for more information:http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
- Apple Safari: select “Preferences” and then “Privacy”, where you can manage cookie settings. Below is the link for more information:https://support.apple.com/it-it/guide/safari/sfri11471/mac
- Opera: select the three horizontal line icon in the top right corner and then “Advanced”. Select “Privacy & Security” and then “Site settings”. Manage cookie settings from the “Cookies and site data”. Below is the link for more information:https://help.opera.com/en/latest/web-preferences/#cookies
In the case of browsers other than the above, check the user guide of individual browsers to learn how to manage cookies.
What are the personal data provided for?
The personal data (browsing data) processed via the installation of technical cookies are used to ensure correct browsing in the web site.
To whom may the personal data be disclosed to?
The personal data processed by the Joint controllers will not be disseminated, it will not be disclosed to unspecified subjects, in no form whatsoever, including making the data available or allowing consultation, without the prior, specific, unequivocal consent of the User.
The personal data may be accessible to the workers and/or collaborators who are employed by or work for the Joint controllers and/or to some external subjects that provide sufficient guarantee that they have adopted adequate legal, organisational and technical measures such that the processing meets the requirements of the GDPR and ensures the data subject’s rights are protected. Specifically, the data may be accessible to: workers and/or collaborators of the Joint controllers, as persons authorised to process personal data and/or System Administrators; ii. third parties or other subjects that carry out activities outsourced by the Joint controllers, as external processors of the personal data.
The Joint controllers may disclose the data to subjects that are entitled to access such data as a result of laws, regulations, EU rules, judicial authorities and to all other subjects to which it is mandatory by law to disclose the data.
Where can the personal data be transferred to?
Personal data will be managed and stored on servers and/or in premises of the Joint controllers and/or third party companies officially appointed as data processors, based in Switzerland (which the European Commission rates as a country that guarantees adequate protection of personal data) and/or inside the European Union or the European Economic Area (EEA) or, in any case, in countries outside the European Union or the European Economic Area (EEA), which the European Commission rates as countries that guarantee adequate protection of personal data pursuant to art. 45, GDPR, i.e. in compliance with the provisions set forth in articles 46 and 47, GDPR.
What are the rights of the User (data subject)?
Pursuant to articles 15 to 22, GDPR, in the cases listed, the User has the right to:
(i) obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the related information, including receiving a copy of it (so-called right of access);
(ii) obtain the rectification of inaccurate personal data and/or the integration of the incomplete personal data concerning him or her (so-called right to rectification);
(iii) obtain the erasure of personal data concerning him or her where one of the grounds set out in the GDPR applies (so-called right to erasure);
(iv) to obtain the restriction of processing to only some of the personal data where one of the grounds set out in the GDPR applies (so-called right to restriction of processing);
(v) request and receive the personal data concerning him or her, in a structured, commonly used and machine-readable format or request and have those data transmitted to another controller without hindrance (so-called right to data portability);
(vii) withdraw, at any time, the consent given to the processing of personal data (so-called right to withdraw consent);
(vii) object, in full or in part, to the processing of personal data (so-called right to object);
(viii) not to be subject to a decision based solely on automated processing in the cases listed in the GDPR.
10.2 If the User believes the personal data are being processed in violation of the provisions set forth in the GDPR, he/she has the right to lodge a complaint with the supervisory authority (art. 77, GDPR), or seek an effective judicial remedy (art. 79, GDPR).
Procedures for the exercise of rights
Controllers, processors, authorised subjects
The Joint controllers of the processing are:
ECSA Chemicals AG, registered office in CH-9230 Flawil, Burgauerstrasse, 17, CHE-143.818.564, represented by the legal representative pro tempore, and ECSA Italia s.r.l., registered office in 20832 Desio (MB), via Lavoratori Autobianchi, 1, tax code and VAT registration number 00222470130, represented by the legal representative pro tempore. More information on the processors and subjects authorised to process personal data can be obtained from the Joint controllers by contacting them at the addresses and numbers listed in this policy.
DATA PROTECTION OFFICER – DPO
ECSA Italia s.r.l. has appointed the person in charge for the protection of personal data – c.d. Data Protection Officer or “DPO”, who can be contacted for any information and / or request at the following e-mail address: firstname.lastname@example.org
Changes to the policy
This policy may change. Users should check this policy regularly and refer to the most updated version.
Policy updated on 11/01/2021.