Pursuant to Articles 6 and 7 of Regulation EU 2016/679, as well as based on what is provided by Provision No. 229 of May 8, 2014 and the Guidelines on cookies and other tracking tools of June 10, 2021 (published in the Official Gazette No. 163 of July 9, 2021) issued by the Guarantor for the protection of personal data, on this page the Data Controller, Droplet S.r.l. (hereinafter, “Company”, “Organization” or “Controller”), with registered office at Via Bogino, 13 – 10024 Moncalieri (TO) and operational headquarters at Via San Secondo 31, 10128 Turin, e-mail: info@droplet.it, provides users of the website https://www.droplet.it/ with information regarding the cookies used and/or proposed for storage.

This extended information on the use of cookies (hereinafter “cookie policy”) must be understood by having read, in a separate document, the privacy information ex Article 13 of European Regulation EU 2016/679 on the protection of personal data (GDPR), available in the appropriate section https://www.droplet.it/privacy/ present on the website https://www.droplet.it/, in the footer of the home page.

This cookie policy aims to describe the elements required by law, as well as the characteristics and purposes of the cookies installed by the website https://www.droplet.it/, include the updated link to the privacy notices and consent forms of third parties with which the Controller has entered into agreements for the installation of cookies via the site and finally recall the possibility for the user to express their options regarding cookies also through the settings of the browser used.

What are cookies

Recital 30 GDPR states that “Natural persons may be associated with online identifiers produced by devices, applications, tools, and protocols used, such as IP addresses, temporary markers (cookies) or other identifiers, such as radio frequency identification tags. These identifiers can leave traces which, particularly if combined with unique identifiers and other information received from servers, can be used to create profiles of individuals and identify them.”

Cookies are text files that the websites visited by users send to these users’ devices. These files are stored within them to be retransmitted later to the same source sites during a subsequent visit (i.e. user tracking). Cookies could be stored in the user’s device directly from the website that the user is visiting (first-party site) or from a different website (third-party site), since within each website there may be elements (images, maps, sounds, specific links to web pages of other domains, etc.) that can reside and/or lead the user to links present on servers different from those providing the first-party site. Thanks to the storage of cookies, the user can customize the enjoyment of certain site contents by saving their preferred settings. This allows the association of specific behaviors online to the user and therefore their classification (profiling). For example, a cookie can be set for recognizing the user registered on the site so that they do not have to proceed with a new authentication upon a new visit (login).

Cookies are pseudonymous data, i.e., personal data where identifiable elements have been replaced by other elements (such as strings of text and numbers). By cross-referencing this data with other information, it is possible to reach the identification of the person, or rather the unique identification of the device used for access and online browsing.

Proposed taxonomy by the Guarantor

In Provision No. 229 of May 8, 2014 and in the Guidelines of June 10, 2021, the Guarantor for the protection of personal data proposes a taxonomy that identifies two categories of cookies based on two possible purposes of processing:

1. Technical Cookies
2. Profiling Cookies

Technical Cookies

They are needed to perform navigation and/or to provide a service to the user. They are not used for additional purposes and are normally installed directly by the website owner. Without these cookies, some operations could not be performed or would be more complex and less secure, such as online banking activities (viewing account statements, wire transfers, bill payments, etc.), for which cookies that allow for maintaining the identification of the user within the session are essential. For such reasons, these cookies do not require the acquisition of consent.

Profiling Cookies

They are used to track the user’s navigation online and create profiles regarding tastes, habits, choices, etc. With these cookies, advertising messages can be sent to the user’s device in line with the preferences already expressed by the user during online navigation.

User consent for the installation of cookies on the device

The expression of consent for the storage of cookies depends on the purposes for which the cookies themselves are used and from these depends whether they fall into the cases of “technical cookies” or “profiling cookies.” For the installation of technical cookies, no consent is required from users, while in the case of third-party cookies, it is necessary, among other things, to provide appropriate information (ex Articles 12 and 13 GDPR). Regarding only profiling cookies, they may be installed on the user’s device only if the user has expressed their free, voluntary, specific, and unequivocal consent after being adequately informed.

Moreover, with the new Guidelines, it has been established that the mechanism for obtaining online consent must ensure that, by default, at the first access to a web site, no cookie or other tool different from technical ones is placed within the user’s device, nor is any other active tracking technique used (for example, third-party cookies) or passive (for example, fingerprinting).

For profiling cookies, there is a necessity of consent to be requested through a distinguishable banner on the web page, through which users are offered the possibility to continue navigating without being tracked in any way, for example, by closing the banner by clicking on the X feature inserted at the top right.

Analytical Cookies

The Guarantor has specified that these cookies can be equated to technical cookies, in terms of information and consent, only if:

• They are used solely to produce aggregate statistics and concerning a single site or a single mobile application;
• The fourth component of the IP address is masked for third-party cookies;
• Third parties refrain from combining these minimized analytics cookies with other processing (customer files or statistics of visits to other sites, for example) or transmitting them to further third parties. However, third parties can produce statistics with data related to multiple domains, websites, or apps attributable to the same publisher or business group.

Since they can be equated to cookies technical, even analytics cookies can be used in the absence of prior consent from the interested party.

Data provision: