- Directive 2002/58/EC – on the “processing of personal data and the protection of privacy in the electronic communications sector”
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
The Data Controller
By consulting this site, data relating to identified or identifiable persons may be processed. The controller of their processing is CEMB SPA based in Via Risorgimento, 9 – 23826 Mandello del Lario (LC), Italy, Tax code and VAT number 00221870132
Place of data processing and storage times
The processing connected to the web services of this site take place at the aforementioned headquarters of the Data Controller and are only handled by personnel expressly authorized by the latter pursuant to Article 28 of the GDPR. The data collected will be kept – for each type of data processed – exclusively for the time necessary to fulfil the specific purposes indicated in the specific summary information displayed on the pages of the site and drafted for particular services.
Types of data processed
Browsing data – The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
Data provided voluntarily by the user – The optional, explicit, and voluntary submission of personal data by the user in the registration forms on this site involves the subsequent acquisition of the data provided by the sender, necessary for the provision of the requested service.
Cookies are small text files containing information exchanged between a website and the user’s terminal (typically the browser). They are mainly used for the purpose of making websites work and making them operate more efficiently, as well as to provide information to the owners of the site. Cookies can be both session-related and persistent. Session-related cookies remain stored in the terminal for a short period of time and are deleted as soon as the user closes the browser. Their use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient browsing of the site. Persistent cookies, on the other hand, remain stored in the user’s terminal until a set expiry date. These, not being deleted directly when the browser is closed, allow to remember the choices made by the user when using the site, as well as to collect information about the pages of the site visited, the frequency with which the site is visited and to identify the user browsing path, in order to improve the experience on the site visited. Lastly, session-related or persistent cookies can be “first party” or “third party” depending on whether the person installing the cookies on the user’s terminal is the same manager of the site browsed by the user (first party cookies) or a different subject (third party cookies).
Cookies used by this site
This site uses both “technical” cookies, that is, necessary for the operation of the site and inert from the point of view of data registration/user profiling, and “profiling” cookies, i.e. those offered by Google Analytics services that allow the collection of information about the user’s visit to the site, but without recording the user’s personal identification information.
The table below shows in detail the cookies currently present on the website.
|COOKIE NAME||DEFAULT EXPIRATION||COOKIE DESCRIPTION|
|_ga||The default expiration is set after 2 years||This cookie is associated with Google Universal Analytics and is used to offer an update to Google Analytics services. It is used to distinguish users by assigning each of them a randomly generated number as a client identifier. It is used to calculate the number of visitors to the page, sessions and data in order to produce analytic reports|
|_gat||The default expiration is one minute||This cookie is associated with Google Analytics, it is used to speed up access requests|
|_gid||The default expiration is 24 hours||This cookie is associated with Google Analytics, it is used to distinguish users.|
Browsers usually allow the control of most cookies through the browser settings. However, please note that the total or partial disabling of the so-called technical cookies can compromise the use of the site features. In any case, if the user does not wish to receive any type of cookies on his computer, neither from this site nor from others, he/she can raise the level of privacy protection by changing the security settings of the browser:
Links to other websites
This site may contain links or references for access to other sites, such as the Facebook social network. By clicking on the special links it is possible, for example, to share our content. Please note that the Data Controller does not control the cookies or other monitoring technologies of such websites to which this Policy does not apply.
Personal data is processed, also using automated tools. Specific security measures are implemented to prevent data loss, illicit or incorrect use, and unauthorized access. The Data Controller has adopted all the minimum security measures required by law and inspired by the main international standards, it has also taken further security measures to minimize the risks relating to the confidentiality, availability, and integrity of the personal data collected and processed.
Rights of interested parties
The personal data protection regulation expressly provides for some rights for the subjects to whom the data refer (so-called interested party). In particular, in relation to the processing of the aforementioned data, based on articles 15 et seq. of the Regulation, please note the right to obtain access to personal data concerning you; the rectification of data (correction of inaccurate data or integration), the cancellation of data processed in violation of the law or if one of the reasons specified by article 17 of the GDPR exists, as well as the right to data portability. You also have the right to make a complaint with a supervisory authority if you believe that the rights indicated herein have not been recognized.
Changes to these privacy policies
The Data Controller periodically checks its privacy and security policy and, if necessary, reviews it in relation to regulatory, organizational, or technological changes. In the event of a change in the policies, the new version will be published on this page of the site.