Cookie Policy

The following information is provided to the user in compliance with the provisions of the Italian Data Protection Authority’s decision of May 8, 2014, “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies,” and the subsequent Guidelines on Cookies and Other Tracking Tools of June 10, 2021 (issued by the aforementioned Authority). To view the purposes of data processing, please refer to the appropriate Privacy Policy available in the website footer.

Data controller

So.Di.Co. S.r.l.
Registered Office: Via Mascheroni Lorenzo n. 31, 20145, Milano (MI)
Operational Office: Via Foce Cesano 4/9, 60019, Senigallia (AN)
Email contact: privacy@sodico.it

WHAT ARE COOKIES?

Cookies are small text strings that a website can send to your device (such as a PC, notebook, smartphone, or tablet) while you are browsing. These cookies are typically stored directly on the browser used for navigation. The same website that transmitted them can then read and record the cookies found on the same device to obtain various types of information. What kind of information? Each type of cookie has a specific role.

HOW MANY TYPES OF COOKIES ARE THERE?

There are three fundamental macro-categories of cookies, each with different characteristics: technical cookies (which can be further divided into necessary or navigation cookies and functional cookies), analytical cookies (or statistical cookies), and profiling cookies.

Technical cookies are generally necessary for the proper functioning of the website and to enable navigation. Without them, you may not be able to view pages correctly or use certain services. For example, a technical cookie is essential to keep the user logged in during the entire visit to a website or to store language and display settings. Technical cookies can be further distinguished as follows:

Navigation cookies: These ensure the normal navigation and use of the website (e.g., allowing a purchase or authentication to access restricted areas).

Functionality cookies: These allow the user to navigate based on selected criteria (e.g., language, selected products for purchase) to improve the provided service.

Additionally, the following categories of cookies exist:

Analytics cookies: These can be assimilated to technical cookies only if used directly by the website operator to collect aggregated information about the number of users and how they visit the website, subject to the additional specific requirements outlined in the aforementioned Guidelines.

Profiling cookies are more sophisticated. They aim to profile the user and are used to send advertising messages in line with the preferences expressed by the user during their browsing.

Profiling cookies and analytical cookies, not assimilated to technical cookies, can also be called or classified as non-technical cookies.

Cookies can also be classified as:

Session cookies: These are deleted immediately when the browsing browser is closed.

Persistent cookies: Unlike session cookies, they remain within the browser for a specified period of time. They are used, for example, to recognize the device connecting to the website and facilitate user authentication operations.

First-party cookies: These are generated and managed directly by the website owner and/or operator the user is browsing.

Third-party cookies: These are generated and managed by parties other than the website owner and/or operator the user is browsing (including when there is a contract between the website owner and the third party). Third-party cookies may also include the aforementioned profiling cookies (or non-technical cookies in general). For such types of cookies, reference is made to the above statements regarding obtaining prior free consent. Detailed and up-to-date information on the use and expiration of third-party cookies can be found on the specific information pages of the respective third parties, which can be accessed through specific links provided in the description of the individual cookies used and, if applicable, listed below.

EXERCISE OF DATA SUBJECT RIGHTS

The data subject, in relation to the personal data covered by this information, has the right to exercise the rights provided by the EU Regulation listed below:

• Right of access by the data subject [Article 15 of the EU Regulation]: The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, and, if so, access to the information expressly provided for in the mentioned article. This includes, for example, the purposes of the processing, the categories of data and recipients, the retention period, the existence of the right to erasure, rectification or restriction, the right to lodge a complaint, all available information on the origin of the data, the possible existence of automated decision-making in accordance with Article 22 of the Regulation, as well as a copy of their personal data.

Right to rectification [Article 16 of the EU Regulation]: The data subject has the right to obtain from the data controller the rectification and/or integration of inaccurate personal data concerning them, without undue delay.

Right to erasure (“right to be forgotten”) [Article 17 of the EU Regulation]: The data subject has the right to obtain the erasure of their personal data without undue delay, if one of the reasons expressly provided for in the mentioned article applies. This includes, for example, the cessation of the need for processing for the purposes, withdrawal of the consent on which the processing is based, objection to the processing where it is based on overriding legitimate interests, unlawful processing of the data, erasure for legal obligations, data of minors processed without meeting the conditions of applicability provided for in Article 8 of the Regulation.

Right to restriction of processing [Article 18 of the EU Regulation]: In cases provided for in Article 18, including unlawful processing, disputing the accuracy of the data, objection by the data subject, and the cessation of the need for processing by the data controller, the data subject’s data must only be processed for storage, subject to their consent and other cases expressly provided for in the mentioned article.

Right to data portability [Article 20 of the EU Regulation]: The data subject, in cases where processing is based on consent and contract and is carried out by automated means, has the right to receive their personal data in a structured, commonly used, and machine-readable format, and has the right to transmit this data to another controller.

Right to object [Article 21 of the EU Regulation]: The data subject has the right to object to the processing of their personal data when the processing is based on overriding legitimate interests or is carried out for direct marketing purposes.

Right not to be subject to automated decision-making [Article 22 of the EU Regulation]: The data subject has the right not to be subject to a decision, including profiling, based solely on automated processing (e.g., exclusively carried out through electronic tools or computer programs).

The description provided above does not replace the text of the articles mentioned, which are fully referenced and to which you are referred in the last section of this cookie policy.

WHAT COOKIES DO WE USE?

FIRST-PARTY COOKIES

I A) TECHNICAL COOKIES

Among these technical cookies described above, we highlight essential or navigation cookies, which enable functions without which it would not be possible to fully or completely use the Site.

These cookies are first-party cookies. Essential cookies cannot be disabled using the Site’s functions.

Also included within the scope of technical cookies are functionality cookies, mentioned above, as well as so-called “analytics” cookies, which serve exclusively statistical purposes and collect information in an aggregated form without the possibility of identifying individual users.

The installation of such cookies does not require the prior consent of users. These cookies can also be disabled and/or deleted through browser settings (see below). Such deletion does not constitute withdrawal of consent.

If the use of cookies is blocked, the service offered to the User through the Site will be limited, thereby affecting the user experience of the Site.

Below, for each technical cookie used, we provide the name, purpose of use, and retention period.

Necessary cookies (including navigation cookies).

NomeScopoDurata
borlabs-cookieSalva le preferenze dei visitatori selezionate nella Cookie Box1 anno
_GRECAPTCHAPrevenzione spam da moduli di contatto5 mesi e 27 giorni

I B) PROFILING COOKIES

In addition to technical cookies, the Data Controller informs the User that profiling cookies are also used on the Website, as described above, which also serve the purpose of analyzing user behavior for marketing purposes. The use of such cookies requires the prior acquisition of the user’s free consent, which the Website obtains in accordance with the Provision of the Guarantor issued on May 8, 2014, and subsequent amendments. This consent can be revoked at any time by clicking on the button mentioned above. Refusing or revoking consent for the use of one or more profiling cookies will not interfere with the ability to access or browse the Website, except for the inability to access pages and sections of the site that use such cookies. In such cases, a specific notification will appear to inform the User of this circumstance. Below, for each profiling cookie used, we provide the name, purpose of use, and storage duration.

II THIRD-PARTY COOKIES

During navigation, the User may receive cookies from different websites or web servers on their device (so-called “third-party cookies,” as described above). These cookies are set directly by website managers other than the present Website. You will find more information about the use of each cookie by accessing the link provided in the table below. Below, we provide the name, purpose, cookie type, the name of the third party that sets and manages the cookie and processes the information, as well as the respective link to the third party’s website where you can also revoke your consent or learn about the revocation process. Nome cookie (Cookie name) | Scopo (Purpose) | Tipologia del cookie (Cookie type) | Terza Parte (Third Party) | Link al sito (Link to the website) Please note that the information in the table should be provided by the website or service you are referring to.

NomeScopoTipologiaTerza parteLink
_gaG. AnalyticsStatisticaGooglePolicy
_ga_<container>G. AnalyticsStatisticaGooglePolicy

Finally, below are the links to the most common browsers, where you can find information on how to disable the storage or delete cookies already stored in your browser:

Notice regarding minors under 14 years old

Children under 14 years old cannot provide personal data. So.Di.Co. S.r.l. will not be held responsible for any collection of personal data or false statements provided by a minor. In any case, if such use is identified, So.Di.Co. S.r.l. will facilitate the right of access and deletion requested by the legal guardian or person exercising parental responsibility.

Changes and updates

This information notice indicates the date of its last update in the header. So.Di.Co. S.r.l. may also make changes and/or additions to this privacy policy as a result of any subsequent changes and/or legislative amendments.

Normative references on data subject rights

Article 15

Right of access by the data subject

The data subject shall have the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed, and, if so, access to the personal data and the following information:

a) the purposes of the processing;

b) the categories of personal data concerned;

c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e) the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

f) the right to lodge a complaint with a supervisory authority;

g) where the personal data are not collected from the data subject, any available information as to their source;

h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

The data controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic format.

The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Article 16 Right to rectification The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary statement.

Article 17 Right to erasure (“right to be forgotten”)

  1. The data subject has the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller shall have the obligation to erase personal data without undue delay if one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a), and there is no other legal ground for the processing; c) the data subject objects to the processing pursuant to Article 21(1), and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2); d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject; f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
  2. Where the data controller has made the personal data public and is obliged, pursuant to paragraph 1, to erase the personal data, the data controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other data controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary: a) for exercising the right of freedom of expression and information; b) for compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; c) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3); d) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1), insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or e) for the establishment, exercise, or defense of legal claims.

Article 18 Right to restriction of processing

  1. The data subject has the right to obtain from the data controller the restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data; b) the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) even though the data controller no longer needs the personal data for the purposes of the processing, they are required by the data subject for the establishment, exercise, or defense of legal claims; d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the data controller override those of the data subject.
  2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  3. The data subject who has obtained a restriction of processing pursuant to paragraph 1 shall be informed by the data controller before the restriction of processing is lifted.

Article 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing. The data controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1), and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about those recipients if the data subject requests it.

Article 20 Right to data portability

  1. The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a data controller, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where: a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and b) the processing is carried out by automated means.
  2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one data controller to another, where technically feasible.
  3. The exercise of the right referred to in paragraph 1 of this article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
  4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

Articolo 21 Right to object

  1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her based on Article 6(1)(e) or (f), including profiling based on those provisions. The data controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
  2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. The right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information at the latest at the time of the first communication with the data subject.
  5. In the context of the use of information society services and without prejudice to Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
  6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject shall have the right to object to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Articolo 22 Automated individual decision-making, including profiling

  1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
  2. Paragraph 1 shall not apply if the decision: a) is necessary for entering into, or performance of, a contract between the data subject and a data controller; b) is authorized by Union or Member State law to which the data controller is subject, which also lays down suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests; or c) is based on the data subject’s explicit consent.
  3. In the cases referred to in paragraph 2(a) and (c), the data controller shall implement suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view, and to contest the decision.

Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless Article 9(2)(a) or (g) applies and suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests are in place.