Cookie Policy

A. What are cookies and what are they for?

Cookies are little text strings stored on your browser when you visit a webpage.

Cookies have a range of important functions when it comes to browsing the internet (they carry out authentication procedures, memorise settings for users who access the server, save preferences, etc.).

During their browsing experience, users may receive cookies from different sites (these are known as “third-party” cookies), where these are placed on sites by website operators and used for purposes and according to methods defined by them.

There are two main categories of cookies:

• “technical” cookies (used solely to “transmit information on an electronic network, or – as far as is strictly necessary – to the supplier of a service expressly requested by the registered party or user to provide that service”, Article 122, Paragraph 1 of Legislative Decree No.196 of 30 June 2003) and
• “profiling” cookies (used to create user profiles, in order to send adverts in line with the preferences indicated through browsing).
As we will see, users will not receive profiling cookies during the time they spend browsing the Site.

B. Nature and purposes of cookies installed by the Site

During your browsing session on www.e-vai.com (hereinafter the “Site”), information may only be collected via “technical cookies”.

Technical cookies are used by the Site solely to transmit information on an electronic network, or – as far as is strictly necessary – to the supplier of a service expressly requested by the registered party or user to provide that service.

Users will not receive profiling cookies during the time they spend browsing the Site.

Below is an overview of the nature and purposes of cookies:

Name Purposes Information collected Duration How to deselect/block cookies
GUEST_L ANGUAG E_ID Sets the content language The language used by the user No expiry date Can be disabled by following the instructions shown in Paragraph D
JSESSIO NID Makes it possible to identify the user’s session Information about the session Until end of session Can be disabled by following the instructions shown in Paragraph D
LFR_SES SION_ST ATE Makes it possible to identify the Liferay session Information about the Liferay session Until end of session Can be disabled by following the instructions shown in Paragraph D

USER_UU ID Makes it possible to ID the user logged into the site Information about the user Until log-out or end of session Can be disabled by following the instructions shown in Paragraph D
C. “Third-party” cookies

During the browser session, the Site may receive cookies sent from other websites or web servers with whom we have direct agreements (“third parties”) or indirect agreements (intermediaries).

The third-party cookies received by the Site are not profiling cookies. Below is a list of the third-party cookies received by the Site.

C.1. Social media buttons and widgets

“Social media buttons” are buttons present on the Site featuring the logos of social networks (i.e. Facebook, LinkedIn, YouTube). These buttons allow users to interact with social platforms with a simple click.

Social media buttons Links
Facebook https://www.facebook.com/evai.lombardia
LinkedIn https://www.linkedin.com/company/e- vai?trk=parent_company_logo
YouTube https://www.youtube.com/channel/UCzS4rZ
_uYqS6PNfNfXsIgSw

Below is a list of third-party cookies and links where users can view privacy information relating to the management of data by social networks, as well as requesting cookie deactivation:

Type of cookie Link
Facebook https://it-it.facebook.com/privacy/explanation
LinkedIn https://www.linkedin.com/legal/privacy-policy
YouTube https://www.google.it/intl/it/policies/privacy
Links to social media websites are simply links to third-party sites which do not install profiling cookies.

D. Browser settings. Procedure for cookie management and direct connection with the specific browser section

Users can eliminate cookies through their browser settings by completing the specific procedure to modify/manage the settings.

Microsoft Internet Explorer:

Clink on the “Tools” icon at the top right and select “Internet options”. In the pop-up window, select “Privacy”. You can adjust your cookie settings here.

Google Chrome:

Select “Settings” from the drop-down menu at the top right. Select “Show advanced settings” and then change the settings under “Privacy”.

Mozilla Firefox:

Select “Options” from the drop-down menu at the top right. In the pop-up window, select “Privacy”. You can adjust your cookie settings here.

Safari:

Select “Preferences” from the drop-down menu at the top right. Select “Security” and adjust your cookie settings.

E. Methods of data processing

With regards to the purposes of data processing, data gathered through the installation and use of cookies will be processed using suitable electronic devices which ensure the privacy of the information processed.

In addition to the above, the following additional information is provided.

Information sheet pursuant to Article 13 of EU Regulation 2016/679

(as well as pursuant to Article 5.3 of Directive 2002/58/EC and Article 122 of Legislative Decree No.196 of 30 June 2003)

• Identity and contact details of the Data Controller and their representative
The Data Controller is E VAI S.r.l., with legal headquarters at Piazzale Luigi Cadorna 14 – 20123 Milan (MI) (hereinafter also the “Data Controller” or the “Company”). All the requests regarding personal data processed by the Company can be sent to the above address or to the following email address: customerservice@e-vai.com.

2. Contact details of Data Protection Officer

The Data Protection Officer can be contacted as follows: P.le Cadorna 14/16, 20123 Milan; Tel. 02.72151172; email: dpo@e-vai.com. Any updates to these contact details will be published on www.e-vai.com.

3. Purposes of data processing. Legal basis for data processing

Purposes for which consent is required from the data subject (Article 6, Paragraph 1, Point A, EU Regulation

2016/679). Exemption from consent, pursuant to Article 95 of EU Regulation 2016/679, Article 5.3 of Directive 2002/58/EC and Article 122 of Legislative Decree No.193, 30 June 2003.

Data will be processed solely to transmit information on an electronic network, or – as far as is strictly necessary – to supply a service expressly requested by the user.

In accordance with Article 95 of EU Regulation 2016/679, Article 5.3 of Directive 2002/58/EC and Article 122 of Legislative Decree No.196 of 30 June 2003, consent for personal data processing for the aforementioned purposes is not required.

4. Data recipients or categories of data recipients

In order to achieve the objectives set out in Point 3, data may be communicated to the following recipients:

• persons authorised to process personal data on the direct authority of the Data Controller;
• the following Data Processors:
• W4Y S.r.l., with legal headquarters in Monza (MB), Via Monti e Tognetti, 7, the designated Data Processor, as well as Italy-based companies or bodies operating in the IT sector who provide the Data Controller with services necessary to the management and/or maintenance of electronic and/or telematic devices used by us.
5. Transfer of data to other countries or international organisations

Your data will not be transferred to other countries or international organisations.

6. Personal data storage period

The personal data storage period is shown in the above Paragraph B.

7. Rights of data subjects

• Right of access, rectification, erasure and restriction of processing
You have the right to request:

• access to data (the data subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, access to the personal data and the following information, as well as where personal data is transferred to a third Country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards in accordance with relevant regulation);
• rectification of data (the data subject shall have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement);
• erasure of data (the data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her, where provided for by relevant legislation);
• restriction of processing (the data subject shall have the right to obtain from the Data Controller restriction of processing where provided for by relevant legislation; where processing has been restricted, such personal data shall, with the exception of storage, be processed only with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member state).
7.2 Right to data portability

Where processing is based on consent or a contract and is undertaken using automated equipment, the data subject shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another Data Controller.

In exercising his or her rights to data portability, the data subject shall have the right to have the personal data transmitted directly from one Data Controller to another, where technically feasible.

The exercise of the right to data portability shall be without prejudice to the right to erasure data. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.

7.3 Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or processing necessary to pursue a legitimate interest of the Data Controller or of third parties, including profiling based on these provisions. Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. Moreover, where personal data is processed for scientific or historical research or statistical purposes, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

7.4 Exercise of rights

All the requests relating to the exercise of the rights set out above can be sent to the Data Controller using the contact details indicated above.

7.5 Right to withdraw consent

Where processing of personal data or particular categories of personal data is based on consent, the data subject will have the right to withdraw his or her consent at any moment. This will be without prejudice to processing operations carried out before the withdrawal of consent. Consent can be withdrawn through a request made to the Data Controller using the contact details shown above.

7.6 Right to make a complaint to a supervisory authority

Where the data subject believes that processing of his or her personal data violates relevant legislation, the data subject has the right to make a complaint to a supervisory authority, specifically one in the Member state in which you habitually reside or work or in the location in which the supposed violation took place.

7.7 Nature of provision of data. Obligation to provide personal data and possible consequences of refusal to do so.

It is not mandatory for you to provide your personal data. If you refuse to allow the use of cookies (see Paragraph B), the Site may encounter functioning problems; some operations may not be able to be completed or could be more complicated, and it will not be possible to achieve the objectives set out in Paragraph 3 and Paragraph B, with regards to individual installed cookies.