This policy provides users of this portal (from now on, “Portal“) with the information required by art. 13 of Reg. (EU) n. 2016/679 (hereinafter referred to as “GDPR“), accordingly with art. 122 of Legislative Decree 196/2003 (hereinafter referred to as “Privacy Code“) and Decision of Italian Data Protection Authority of 8 May 2014, “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies“, as supplemented by “Guidelines on the use of cookies and other tracking tools” of 10 June 2021 (hereinafter referred to as “Decision“).

  1. Identity and contact details of the data controller

The data controller is Amilon S.r.l., C.F. and P.IVA 05921090964, with registered office in via Natale Battaglia n. 12, Milan, e-mail address [email protected] (from now on, “Data Controller” or “Amilon”).

  1. Contact details of the Data Protection Officer (DPO)

The DPO can be contacted at the e-mail address [email protected].

  1. Types of data processed

a. Navigation data
The computer systems and software procedures used to operate the portal acquire, during their regular operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment.

These data, necessary for the use of web services, are also processed to:

– allow access to the portal and the use of the relative functionalities;

– to allow and monitor the correct functioning of the portal and carry out maintenance activities

– obtaining anonymous statistical information on the use of the portal;

– to ascertain possible responsibilities in case of hypothetical computer crimes against the portal and to exercise and/or defend the Controller’s rights.

The legal bases of the processing carried out for the above purposes are the execution of a contract to which the interested party is a party and the pursuit of the Controller’s legitimate interest.

b. Data provided voluntarily by the user

To benefit from certain services on the portal it is necessary to provide personal data. Please refer to the specific information provided at the time of collection.

c. Information processed through cookies

The portal uses cookies.

What are cookies?

Cookies are small text files sent to the user’s terminal equipment (usually to the user’s browser) by the websites the user visits; they are stored in the user´s terminal equipment to be then re-transmitted to the websites on the user’s subsequent visits.

Types of cookies

In general, there are three different ways to classify cookies: their provenance, how long they endure, what purpose they serve.

First party and third party cookies

Unlike first-party cookies, which are put on your device directly by the website you are visiting, third-party cookies are placed on your device by a third party (like an advertiser or an analytic system).

Permanent and session cookies

Session cookies are temporary and expire once you close your browser (or once your session ends).

Persistent cookies remain on your hard drive until you erase them or your browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary.

Technical, analytical and profiling cookies

Depending on the purpose, cookies can be divided into technical cookies and profiling cookies.

Technical cookies are stored for the sole purpose of “carrying out the transmission of a communication over an electronic communication network or as strictly necessary for the supplier of an information society service explicitly requested by subscriber or user to provide the service” (see Art. 122, paragraph 1 of Privacy Code).

They are essential for you to browse the websites and use its features, such as accessing secure areas of sites (so-called “essential” or “strictly necessary”). They allow a user to navigate back and forth between pages without losing their previous actions from the same session. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies.

This category includes also “references cookies” (also known as “functionality cookies”), which allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your username and password are so that you can automatically log in.

Statistics” or “analytical cookies (also known as “performance cookies”) collect information about how you use a website, which pages you visited and which links you clicked on in order to improve website functions.

Pursuant to the art. 122, paragraph 1 of the Privacy Code, technical cookies do not require consent, but it should be explained to the user what they do and why they are necessary or useful.

Pursuant to the Decision, analytical cookies are equivalent to technical cookies (and, therefore, users’ consent is not required) if:

  • are stored directly exclusively by the owner of the visited website with the purpose to collect aggregated information on the number of users and how they visit the website, or
  • created and made available by third parties if:
  1. used by the first party for merely statistical purposes, where the ability to identify users is reduced (for example, through hiding significant portions of the IP address) and such data are processed just for make aggregate statistics in relation to a single site or a single mobile application (so there is no tracking of the navigation of the user on different applications or navigating different websites);
  2. such third parties, who provide the web measurement service, do not combine, enrich or cross-reference the data, even minimized as above, with other information available to them (e.g. customer files or statistics of visits to other sites) or transmit them to other third parties.

“Profiling” or “marketing” cookies are used to track your on line activity and behaviour for marketing purposes. They allow advertisers to create profiles of users’ preferences, habits, choices, etc. in order to deliver them targeted advertising.

These kinds of cookies can be stored on the users’ device only after they have given their consent.

Uses must be able to access the websites even if they refuse to allow the use of profiling cookies.

List of cookies and other tracking tools used by the Portal

Technical cookies

The Portal uses cookies or other technical tools installed for the purposes indicated below, for which the prior consent of the users is not required pursuant to art. 122 of the Privacy Code.

Below, the name, purpose of use, the first or third party to which it refers and duration are reported for each cookie used.

_GRECAPTCHA Third-party (Domain: ) oogle reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis. 6 months
PHPSESSID First-party (Domain: Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages. Session
__cf_bm Third-party (Domain: This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. 30 minutes
wp-wpml_current_language First-party (Domain: Stores the current language. By default, this cookie is set only for logged-in users. If you enable the language cookie to support AJAX filtering, this cookie will also be set for users who are not logged in. Session
TCPID First-party (Domain: Before users provided consent TrustCommander uses the TCPID cookie to measure anonymous statistics for privacy banner. 1 year

Anonymized analytical cookies

The Portal uses analytical cookies created and made available by third parties to statistically analyze accesses or visits to the Portal itself, to allow the Controller to improve the structure, navigation logic and content and to collect information on the use of the Portal.

For more details and information you can visit the following link:

These cookies, suitably anonymized (by masking significant portions of the IP address), allow the collection of aggregate information on the number of users and how they visit the portal without being able to identify the individual user. Therefore, the prior consent of users is not required, in accordance with the provisions of the Measure.

Below, for each analytical cookie used, the name, the first or third party to which it refers, the purpose of use and duration are reported.

_ga First-party (Domain: This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. 2 years
_ga_XXX First-party (Domain: This cookie is part of Google Analytics and is used to limit requests (throttle request rate). 1 minute

Profiling tools

On the page(s) below are installed the so-called “pixels” of Facebook to show personalized ads of the same, as well as of Amilon, on Facebook. For these tools, as indicated above, the prior consent of the users is required pursuant to art. 122 of the Privacy Code and in accordance with the Provision.

Below is the name of the tool, the third party to which it refers, the purpose of its use and its duration, as well as the link to the privacy policy of that third party.

_fbp First-party (Domain: Used by Meta to deliver a series of advertisement products such as real time bidding from third party advertisers 3 months
  1. Provision of data

Without prejudice to what has been indicated above regarding cookies and similar markers used on the Portal, navigation data are necessary to carry out computer and telematic protocols.

The interested party remains free to give consent or not to give consent to profiling through the tracking tools mentioned above.

  1. Recipients

The processing of data related to the web services of the Portal is carried out by personnel expressly authorized to do so and who have received adequate operational instructions.

The data will be communicated to Meta Platforms, Inc. who will process them for the purposes indicated in the previous art. 3 as autonomous controller.

The data may be communicated to public authorities.

Where data is transferred to countries outside the European Union (EU) or the European Economic Area (EEA) that have not been deemed adequate by the European Commission, the “transfer tools” referred to in Article 45 of the GDPR will be used, evaluating the possible provision of “supplementary measures” to ensure a level of protection substantially equivalent to that required by EU law. For more information, see the links to the privacy policy of the third parties indicated in the table.

  1. Procedures for granting and revoking consent for the installation of profiling cookies

The profiling cookies will be installed on your devices only after consent, expressed by selecting the “Accept” button in the banner containing the short information. Consent to the use of cookies is recorded with a special “technical cookie”.

You can always change your choice and, in particular, revoke the consent previously given, by clicking on “Cookie settings” at the bottom of each page of the Portal.

It is understood that where the user clicks on “Technical cookies only”, no profiling cookies will be installed.

Users may, however, express their options on cookies also through the settings of the browser used. Even if the web browser used by the user is set to automatically accept cookies, the user can modify the default configuration through the settings menu, deleting and/or removing all or some cookies, blocking the sending of cookies or limiting it to certain sites. Disabling, blocking cookies or deleting them may compromise the optimal use of certain areas of the Portal or prevent certain features of the same, as well as affect the operation of third party services. Below are the links to the guides to cookie management for the main browsers:

For browsers other than those listed above, it is necessary to consult the relevant guide to identify how to manage cookies.

  1. Data subjects’ rights

Data subjects may exercise their rights under the GDPR by sending an e-mail to [email protected]. In particular, in addition to what is pointed out in the previous paragraph, they have the right:

  • to obtain the confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access the data concerning them in accordance with Article 15 GDPR,
  • to obtain the rectification of inaccurate data,
  • to have incomplete data completed,
  • to obtain the erasure of data in the cases provided for by Article 17 GDPR (“right to be forgotten”),
  • to obtain restriction of processing in the cases provided for by Article 18 GDPR,
  • to object, at any time, on grounds relating to their own particular situation, to the processing carried out in the legitimate interest of the Controller,
  • where the processing is based on consent or contract and is carried out by automated means, to receive the data in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (“right to data portability”);
  • to lodge a complaint with the competent supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement.