On this page, the Data Controller, the Company Cattolica Assicurazioni - Società cooperativa with offices in (37126) Verona, Lungadige Cangrande 16, provides information on the site management procedures in relation to processing the personal data of the individuals (users) who use it, either via direct access from the homepage or the site’s internal pages.
In accordance with Article 13 of EU Regulation 2016/679 of the European Parliament and Council (hereafter “EU REG”), this policy is also provided to those who interact with the Data Controller's web services, which are accessed on-line at the address www.cattolica.it.
The policy refers exclusively to this site and not to any others consulted by the user via links.
When browsing the site, data may be collected that refer to identified or identifiable people according to the methods described below.
With reference to the afore-mentioned cookies, the Data Controller informs that the computing systems and software procedures required for the operation of this web site acquire – during their normal activity – some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected so as to be associated with identified data subjects. However, due to their very nature they could allow for users to be identified through processing and association with data held by third parties.
This data category includes: IP addresses or domain names of the computers used by the users to connect to the site; URI addresses (Uniform Resource Identifier) of requested resources; the time of the request; the method used to submit the server request; the size of the file received in response; the numerical code indicating the data response status from the server (successful, error, etc.); and other parameters relating to the user’s operating system and computing experience.
These data are used to acquire information about site usage and the preferences specified by the user when browsing, and to check that it functions properly. Data collected in this way could be used to ascertain responsibility in the event of any computer-related crimes affecting the site; save for this case, data on web contacts shall only be stored for the time strictly necessary for the Data Controller’s aims.
Data provided directly by the user
The optional, explicit and voluntary sending of an e-mail to the addresses shown on this site leads to the subsequent acquisition of the sender's address – necessary to respond to requests – as well as any other personal data included in the message (for example, when users request information or clarifications by writing to the e-mail addresses on the site).
Specific summary information shall be progressively shown or displayed on the site pages for particular on-demand services, which may lead to personal data processing. (For instance, the transmission of personal data with forms or similar methods, as may be required in sections of this site, means that the data provided are processed in order to pursue users’ requests; the same applies to when curriculum vitae are spontaneously sent with the intention of applying for employment.)
Some general considerations on cookies are provided below in order to give a preliminary understanding of the Data Controller’s extended information on the subject.
Cookies are small strings of text that sites visited by users send to their PC (usually to the browser), where they are saved and then sent back to those sites during the user’s next visit.
When browsing a site, users may also receive cookies on their PC that are sent by different sites or web servers ( “third parties”), which may contain some elements (e.g. images, maps, sounds, specific links to other domain pages) present on the site they are visiting.
A high number of cookies are usually found in users' browsers, often also with characteristics spanning long periods of time. Cookies are used for various purposes: carrying out computer authentications, monitoring sessions, storing information on specific configurations relating to users who access the server, etc. In its Regulation of 8 May 2014, the Italian Data Protection Authority identified two macro-categories: “technical” cookies and “profiling” cookies.
Technical cookies are used for the sole purpose of “transmitting information on an electronic communication network, or to the extent strictly necessary, by the computing company’s service supplier who has been explicitly requested by the contractor or user to carry out said service” (cfr. art. 122, paragraph 1 of the Code). They are not used for any other purpose and are usually directly installed by the Data Controller or website manager. They can be subdivided into three types. “Browsing” or “session cookies” guarantee normal website browsing and use (for example allowing a purchase to be made or access to reserved areas to be authenticated). “Analytics cookies” are similar to technical cookies since they are used directly by the site manager to collect information in aggregate form on the number of users and how they visit a given site. Finally, “functionality cookies” allow users to browse according to a series of selected criteria (for example, language, products selected for purchase) in order to improve the service provided.
For the installation of these cookies, information must be provided in accordance with Art. 13 of the EU REG, but prior consent is not required from users.
“Profiling cookies”, on the other hand, are intended to create profiles relating to users and are used for the purpose of sending publicity messages that reflect their preferences during web navigation. For the invasiveness they may have in users’ private lives, European and Italian legislation require that users must be appropriately informed about their use and then express their valid consent (see Art. 122, paragraph 1 of the Code).
Extended information on cookies from the Data Controller
As previously mentioned, the Data Controller has formulated the cookies policy on two levels of increasing detail: an initial level in which users who access the site are given a “short” policy in a banner that immediately appears on the home page (or other page through which users can access the site) is completed by this “extended” policy. Users who want further information and to change their preferences on the various cookies stored through the site can access the extended policy via a link in the short policy or at the bottom of every page on the site.
Specific and analytical description of the characteristics and purposes of the cookies installed by the site
This site uses technical cookies – which are necessary to browse it – that allow for essential functions such as browser session management.
For maximum transparency, a series of technical cookies and their specific operations on the site are listed below:
• cookies directly installed in the computer of the user/contractor (which are not used for other purposes) such as session cookies. These cookies do not last and will be deleted when the browser is closed.
• cookies used to statistically analyse access/visits to the site (“analytics cookies”) for statistical purposes only (not profiling or marketing) and to collect information in aggregate form without the possibility of tracing the identity of individual users. This site uses Google Analytics, a statistical analysis system. In this case, given that legislation in force requires that for analytics cookies data subjects are given clear and suitable instructions of the simple way to opt out of their installation (including any anonymising mechanisms of those cookies), the Data Controller specifies that Google Analytics can be disabled as follows: open the browser, select the settings menu, click on internet options, open the tab relating to privacy and choose which cookies to block. If users wish to delete cookies that are already saved in the memory, they need only open the security tab and delete the history, ticking the “delete cookies” box.
Specifically and currently, the relative cookies are as follows:
|Cookie name||Type of cookie||Purpose|
|PHPSESSID||Session||Monitoring the ses|
Updated links to the policies and consent forms of the third parties with which the Data Controller has signed agreements to install cookies through this site.
The Data Controller outlines the cookies from third parties below (with which it has signed agreements for installation through this site), specifies that they are currently used for marketing purposes, and provides the updated links to the policies and consent forms of the given third parties.
|Cookie name||Google Analytics|
|Type of cookie||Third party|
|Purpose||Statistical analysis and reporting|
|Third party that stores and accesses user information collected with the cookies|
Google Chrome: https://support.google.com/accounts/answer/61416?hl=it
Apple Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT
Disabling cookies could also disable some other functions of the site.
With the exception of that specified for browsing data and cookies, users can provide the personal data contained in the request forms or specified in contact with the Data Controller to request information, for other communications, etc. Not providing the data may mean that users’ requests cannot be pursued.
Personal data are processed with automated instruments for the time strictly necessary to carry out the aims for which they were collected. Technical data are stored on the Data Controller’s servers. Specific security measures are followed to prevent data loss, illicit and improper use and unauthorised access.
Data Subjects can exercise their rights by contacting the Data Controller and on its behalf, the ItaliaData Protection Authority of the Cattolica Group with offices in (37126) Verona, Lungadige, Cangrande, 16, email: firstname.lastname@example.org, cas described by Articles 15, 16, 17, 18, 20, and 21 of the EU REG. These include the right to receive confirmation that their personal data are or are not being processed, to gain access to the personal data and the following information: processing aims, data categories, data recipients, length of the possible storage period and its determining criteria. Furthermore: the right to rectify, erase (“right to be forgotten”), limit the processing, object to processing at any moment, and receive information on the origin of the data if not collected from the Data Subject and on the existence of an automated decision process or profiling activity. Data Subjects also have the right to data portability, pursuant to Art. 20 of the EU REG, and to lodge a complaint with the supervisory authority.