Privacy Policy and Cookies

This privacy and cookie policy is intended for users/visitors who interact with the official website of Exprivia Group, which is accessible electronically at https://www.exprivia.it, the home page of the site, pursuant to:

• Art. 13 of EU Regulation 2016/679;
• Provision of the Italian Data Protection Authority no. 229 of 8 May 2014 (Identification of the simplified procedures for information notices and the acquisition of consent for the use of cookies);
• Provision of the Italian Data Protection Authority no. 231 of 10 June 2021 (Guidelines for cookies and other tracking tools) which supplements Provision no. 229 of 2014 and provides important clarifications in order to assist controllers in the correct application of the current regulatory framework;
• Art. 29 of Working Party Recommendation no. 2/2001 relating to the minimum requirements for collecting personal data online in the EU;
• Directive 2009/136/EC, amending Directive 2002/58/EC (so-called "E-Privacy Directive") concerning the processing of personal data and the protection of privacy in the electronic communications sector;
• WP 29 Guidelines of 10 April 2019, ratified by the European Data Protection Board and replaced by the Guidelines 05/2020 on consent under Regulation 2016/679 adopted on 4 May 2020.

This policy describes the management of the official website of Exprivia Group only, and not other external websites which may be accessed by the user through links. Additional information may be provided within specific sections. The processing of personal data collected in certain formats from some sections of the website (e.g. the “Newsletter”, Contact us, Whistle-blowing and Job applications sections) are regulated through specific information notices, available in the relevant sections of the website. Access to the website does not require the user/visitor to provide any personal data.

1) TYPE OF DATA PROCESSED AND PURPOSE OF THE PROCESSING

1.1) Purpose of the processing

The processing of the personal data of users/visitors is exclusively intended to allow users to navigate the site. The personal data of users may also be used for the fulfilment of legal obligations.

1.2) Data voluntarily provided by the user

The voluntary and explicit sending of e-mails to the addresses indicated in the different access channels of this site involves the subsequent acquisition of the sender/user’s address and data, which are necessary to respond to the requests made, as well as any other personal information entered by the sender/user. The personal data provided by users will be communicated to third parties only if this communication is necessary to comply with the requests of the users themselves. The collected data will not be retained longer than necessary to fulfil the purpose for which it was acquired. These retention periods generally apply to all personal data that is collected to respond to the requests made.

1.3) Navigation data

The “software” platform used to operate this website acquires, during its normal operation, some personal data whose transmission is implicit to the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties performed only at the prior explicit request of the court, allow users to be identified. This data category includes the IP addresses or domain names of computers used by users who connect to the website, the Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computing environment. This data is used only for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.

1.4) Cookie Policy

Cookies are small text files that the sites visited by users send to their terminals, where information is stored that is then sent back to the same sites on subsequent visits. The terminals being referred to are, for example, a computer, tablet, smartphone, or any other device that can store information. Information encoded in the cookies may include personal information, such as an IP address, username, unique identifier, or e-mail address, but may also contain non-personal information, such as language settings or information about the type of device a person is using to browse the website. In addition to the above information, a cookie generally contains the Internet domain name (the site IP address) from which the cookie originates, the “duration” of the cookie (i.e. an indication of when it expires), and a numerical code, usually a unique, randomly generated number. This site does not use passive tracking tools such as fingerprinting, but only uses active identifiers such as cookies.

1.4.1) Technical cookies used by this site and their purposes

This site uses technical cookies, which are automatically installed following access to the site, for the proper functioning of the website. This type of cookie includes navigation or session cookies designed solely to allow the sending of the communication over an electronic communications network or to the extent strictly necessary for the provider of an information service to provide the services explicitly requested by the contracting party or user, or functionality cookies, which allow the user to navigate according to a series of selected criteria which, among other things, do not contain personal data (e.g. language, choices concerning certain types of non-technical cookies related to the device) in order to improve the service provided to the user. The technical cookies used by this site expire at the same time as the browser is closed, except those containing the user’s choice of consent for non-technical cookies, which expire in 6 months. At any time, the user will still have the right to accept or decline the use of cookies by changing their browser settings. If users use different computers in different locations, they must make sure that each browser is set up correctly. Users can easily delete each cookie installed in the cookie folder by following the procedures provided by the browser used.

1.4.2) Third-party cookies and social plugins

The pages of the Exprivia Group website may contain plugins, such as social network plugins. If the user accesses one of our web pages with this type of plugin, the internet browser will connect directly to the social network and the plugin will be displayed on the screen thanks to a connection with the browser. Exprivia uses the AddToAny Plugin to allow users to share information content published on the website on various social media platforms. For more information about the AddToAny Plugin, please refer to the following AddToAny Policy Privacy link. Before using these plugins, the data subject is invited to consult the privacy policy of the social networks, on their official pages. Plugins may use third-party cookies in some cases. The Exprivia website uses analytics cookies. Google Analytics cookies collect information about how the visitor uses the website. The data collected includes the number of visitors, their origin, and the pages visited. Exprivia acquires the data in aggregate and anonymous form for the sole purpose of analysing the sections of the site of greatest interest and to improving its offer through the site. For more information, please refer to the following link http://tools.google.com/dlpage/gaoptout. In addition, the Exprivia website uses YouTube third-party cookies to show Exprivia Group videos posted on the Exprivia Channel. For more information, please refer to the following link YouTube Policy Privacy. By default, all third-party cookies and social plugins are disabled. Users may opt-in or disable them at any time by using the “Cookie Settings” link located in the footer of each web page. If the visitor is accessing the site for the first time or the website does not find the technical cookie regarding the choices made about cookies, the website will show a brief information banner and give the option to accept them all, reject them all or customise them. In some cases, the disabling of cookies may mean that certain features cannot be used. Reiterating the request for consent in the event of a previous failure to provide consent is unlawful, which Exprivia will therefore not carry out. The consent banner may re-appear in the following cases:

• Where at least six months have passed since the previous display of the banner;
• In the case in which the conditions of the processing have changed significantly and, therefore, the banner also performs an information function in relation to the changes made (e.g. in case of modification of third-party cookies);
• When Exprivia cannot be certain that a cookie has already been stored on the device for transmission on a subsequent visit by the same user to the site that generated it (e.g. if the user deletes the legitimately installed cookies on the device without the controller being able to keep track of the intention to maintain the default settings and, therefore, to continue browsing without being tracked).

1.4.3) How to manage your cookie settings.

You can remove existing cookies and block the installation of new cookies through your browser settings. Users/visitors can choose whether to accept cookies from time to time by configuring their browser to generate an alert each time a cookie is saved. The most commonly used browsers provide the option to block third-party cookies only, accepting only those belonging to the site. The procedure for managing cookies is different for each browser. Here are the instructions for the most popular browsers. Google Chrome

• To find out how to manage cookies through the browser settings: https://policies.google.com/technologies/managing?hl=it.
• To find out how to activate incognito navigation mode: https://support.google.com/chrome/answer/95464?hl=it.
• To find out how to delete cookies, block them selectively, and receive alerts about your cookie settings: https://support.google.com/chrome/answer/95647?hl=it.

Edge

• To find out how to manage cookies, delete them and block them through the browser settings: https://support.microsoft.com/it-it/windows/eliminare-e-gestire-i-cookie-168dab11-0753-043d-7c16-ede5947fc64d .

Firefox

• To find out how to manage cookies through the browser settings and other privacy functions: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie.
• To find out how to manage the privacy settings panel and block the tracking of your network activities: https://support.mozilla.org/it/kb/Impostazioni%20di%20Firefox%20-%20pannello%20Privacy.
• To find out how to enable and disable cookies: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie.
• To find out how to delete cookies: https://support.mozilla.org/it/kb/Eliminare%20i%20cookie.
• To find out how to block cookies: https://support.mozilla.org/it/kb/Bloccare%20i%20cookie.

Safari

• To find out how to manage cookies through the browser settings: http://supporto.teletu.it/assistenza-tecnica/configurazioni/browser-internet/safari/gestione-cookie/.

Opera

• To find out how to manage cookies through the browser settings: http://help.opera.com/Windows/10.00/it/cookies.html.

1.4.4) LINKS TO OTHER SITES

Browsing the Exprivia Group website allows access, through links, to other websites managed by third parties. These sites may collect personal information on the data subject. Exprivia does not control the sites that are managed by these parties and cannot be held responsible for their conduct. The provisions for protecting the privacy and security of personal data processed on the sites linked from or to the Exprivia Group site are not covered by this privacy policy. Therefore, Exprivia is not responsible for the privacy practices of these sites.  

2) METHOD OF DATA PROCESSING AND STORAGE

Personal data is processed using automated tools (e.g. using electronic media and procedures) and/or manually (e.g. on paper) for the time strictly necessary to achieve the purposes for which it is collected and, in any case, in accordance with the applicable regulatory provisions. Specific security measures are followed to prevent data loss, unlawful or incorrect use, and unauthorised access. No automated decision-making and profiling will be applied to the collected data. After this period, the data will be deleted or anonymised, unless additional retention is required to fulfil legal obligations or to comply with orders issued by public authorities.  

3) OPTIONAL PROVISION OF DATA

The provision of personal data by the data subject for the purposes described in the previous section (1.2), should be considered optional. Non-provision may result in the impossibility of browsing certain sections of the site.  

4) DATA CONTROLLER, DATA PROTECTION OFFICER (DPO) AND APPOINTEES

The Data Controllers, relating to identified or identifiable persons who have consulted this site, are the companies belonging to Exprivia Group:

• Exprivia S.p.A. with registered office at Via A. Olivetti, 11- Molfetta (BA);
• Exprivia Projects Srl with registered office at Viale del Tintoretto 432 – Rome.

The Controllers have appointed a Data Protection Officer in accordance with Art. 37 et seq. of EU Regulation 2016/679, who can be contacted:

• through Exprivia SpA at the following email address: dpo_expriviaspa@exprivia.com
• through Exprivia Projects Srl at the following email address: dpo_expriviaprojects@exprivia.com

The processing connected to the web services of this site are exclusively handled by technical personnel, appointed/authorised and trained in the correct processing of personal data which, under no circumstances, will be disseminated.  

5) COMMUNICATION AND/OR DISSEMINATION OF DATA

Unless stated in point 1.2, the personal data provided by the user will not be disclosed to third parties or disseminated and will not be transferred to third countries (non-EU).

6) DATA RECIPIENTS

For the purposes described, or if indispensable or required by legal provisions or by authorities with the power to impose it, the Controllers reserve the right to communicate the data to recipients belonging to the following categories:

• the Data Protection Officer (DPO), to respond to the privacy requests of data subjects and for any further purpose that falls within the duties of the DPO, as specified in Art. 39 of EU Regulation 2016/679;
• Supervisory authorities and, in general, public or private subjects with public functions (e.g. police headquarters, judicial authorities, in any case only to the extent that the conditions laid down by the applicable law are met);
• other parent companies, subsidiaries or associate companies, pursuant to Art. 2359 of the Italian Civil Code;
• professional practices or companies in the context of support and consultancy relationships;
• subjects that carry out control, auditing and certification of the activities performed by the Controllers;
• suppliers of the Controllers, formally appointed as processors.

 

7) DATA SUBJECT RIGHTS

  The “data subjects”, i.e. the natural persons to whom the data refers, have the right, at any time, to access the information concerning them and to ask for its updating, rectification and supplementation, as well as erasure, anonymisation or blocking, the restriction of processing, and data portability, as well as to object to, for legitimate reasons, data processing in full or in part, in accordance with Articles 15 to 22 of EU Regulation 2016/679. Furthermore, if the processing of the data is based on consent, the data subject may withdraw the consent at any time. The withdrawal of consent does not invalidate the previous processing. The data subject can always object to processing for promotional purposes. The processing of personal data for IT security purposes or for protection needs fall in the category of processing for the legitimate interests of the Controller, in which case the data subject may object only for reasons connected to his or her specific situation, which the Controller will evaluate without prejudice to the execution of the defensive purposes. For any information regarding the processing of data, as well as to exercise the rights provided for in Articles 15-22 of EU Regulation 2016/679, users can send an email to the addresses of the DPO specified above. Furthermore, data subjects have the right to contact the Italian Data Protection Authority, based in Rome at Piazza Venezia, 11, or other authority to submit a complaint regarding the processing of their personal data pursuant to Art. 77 if they believe there has been a violation of their personal data. See www.garanteprivacy.it.  

8) AMENDMENTS TO THIS PRIVACY POLICY

This Privacy Policy may be subject to changes over time – also linked to the entry into force of any new regulations in the sector, to the updating or provision of new services or to technological innovations. Therefore, we invite the user/visitor to periodically consult this page.