Extended cookie policy

According to current legislation on the protection of personal data (“Privacy Policy”), included in the EU Regulation 2016/679 (“GDPR”) and the Provision of the Authority for the Protection of Personal Data (“Privacy Authority”) no. 229/2014 on simplified arrangements for providing information and obtaining consent regarding cookies, ARROW LUXORY INVESTMENTS S.R.L., as the data controller (the “Data Controller”) provides you with the following information about the cookies installed on the website https://incantogourmet.com/en/ (the “Website”).

1. What are cookies?

Cookies are small text strings that the sites visited by the user send to its terminal (usually the browser), where they are stored and automatically sent back to the website to any occurrence or next access by the same user.
Some of these cookies are installed by the site manager (“first-party cookies”). While browsing a site, could also receive on his terminal cookies of different sites (“third-party cookies”), set directly from managers of such websites, on which some elements may reside (such as, for example, images, maps, sounds, specific links to other domains pages) and present on the website visited by the user.
Depending on the type and purpose of cookies, different fulfillments and purposes are provided under the law on processing personal data. Below are the types of cookies used by the Website, with its relative features, purposes and storage times.
It is specified that where the indicated retention period is the “session”, it means that the data remains for the duration of a session and is deleted when the user closes the browser used for browsing the web.

2. Technical cookies

Technical cookies allow the transmission of a communication over a electronic communication network, or to the extent strictly necessary for the provider of the information society service explicitly requested by the subscriber or user.

2.A Session or navigation technical cookies

They guarantee normal navigation and use of the website.
For such cookies, the legal basis of the processing is the legitimate interest of the Data Controller and it is not necessary to acquire the user’s consent, but is sufficient the following information on the type and purpose of cookies used by the website:

Name Installer Lifetime Scope
woocommerce_cart_hash First-party (woocommerce) session Shopping cart functioning
woocommerce_items_in_cart First-party (woocommerce) session Shopping cart functioning
PHPSESSID First-party (server web) session Allows the website to understand that when various pages are requested, it is always the same user to do so

2.B. Functional technical cookies

They allow the user to browse according to a set of selected criteria (such as language, products selected for purchase) in order to improve the service offered to the same.

For such cookies, the legal basis of the processing is the legitimate interest of the Data Controller and it is not necessary to acquire the user’s consent, but is sufficient the following information on the type and purpose of cookies used by the website:

Name Installer Lifetime Scope
pll_language First-party (wordpress polylang) 1 year Remembers the language selected by the user
stripe_mid First-party (stripe) 1 year Order processing system with selected payment type “credit card”
_stripe_sid First-party (stripe) 30 minutes Order processing system with selected payment type “credit card”
cookie_notice_accepted First-party (wordpress) 30 days Remembers if the GDPR banner has been accepted
wp_woocommerce_session_[HASH] First-party (Woocommerce) 2 days Creates code to recover user cart from database
wordpress_logged_in_[HASH] First-party (WordPress) 15 days Helps the website understand that the user is registered
wordpress_sec_[HASH] First-party (WordPress) 15 days Serves to save customer credentials
MCPopupClosed First-party (Mailchimp) 1 year Remembers the popup menu closing choice
m.stripe.network Third-party (Stripe) 2 years Fraud prevention and detection
js.stripe.com Third-party (Stripe) 2 years Fraud prevention and detection
mailchimp_landing_site First-party (mailchimp) 28 days records the user landing page
_ga First-party (google) 2 years Recognizes users
_gid First-party (google) 24 hours Recognizes users
_gat First-party (google) 2 minutes Handles the number of requests
AMP_TOKEN First-party (google) 1 year Contains a token that can be used to recover a client ID from the ID service client AMP. Other possible values indicate “opt-out”, “inflight request” or an error in recovering a “client ID” from the “ID service client AMP”.
_gac_[property-id] First-party (google) 90 days Contains information related to the campaign for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out.
mc_cid First-party (Mailchimp) 14 days Campaign identification number
mc_eid First-party (Mailchimp) 14 days E-mail identification number
mc_landing_site First-party (Mailchimp) 14 days Number of visitors entering the website
__utma First-party (google) 2 years Used to distinguish users and sessions. The cookie is created when the “javascript library” is executed and there are no existing “__utma” cookies. The cookie is updated every time the data is sent to Google Analytics.
__utmt First-party (google) 10 minutes Used to limit the “request rate”
__utmb First-party (google) 30 minutes Used to definenew sessions/visits. The cookie is created when the “javascript library” is executed and there are no existing “__utmb” cookies. The cookie is updated every time the data is sent to Google Analytics.
__utmc First-party (Google) Session Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie worked in combination with the __utmb cookie to determine whether the user was in a new session.
__utmz First-party (google) 6 months Stores the traffic source or campaign that explains how the user has reached the website. The cookie is created when the javascript library is executed. The cookie is updated every time the data is sent to Google Analytics.
__utmv First-party (google) 2 years Used to store customized variable data at the visitor level. The cookie is created when the developer uses the _setCustomVar method with variable customized at visitor level. The cookie was also used for the _setVar “deprecated” method. The cookie is updated every time the data is sent to Google Analytics.

Analytics cookies, used directly by the administrator of the website to gather statistical information in aggregated form, to count visitors to our website and analyse their usage of the website are treated as techincal cookies. Therefore, the legal basis of the processing is the legitimate interest of the Data Controller and it is not necessary to acquire the user’s consent, but is sufficient the following information on the type and purpose of cookies used by the website.

3. Profiling cookies

The website uses profiling cookies, after obtaining consent, necessary to create user profiles in order to send advertising messages in line with the preferences expressed by the user within the pages of the Website.

The legal basis of the processing is the user consent.

Name Installer Lifetime Scope
_fpb First-party (Facebook) 90 days Facebook pixel that analyzes website activity and visitor behavior
mailchimp_user_email First-party (mailchimp) 28 days Remembers if user suscribed to the newsletter
mailchimp.cart.previous_email First-party (mailchimp) session Mailchimp uses it to send an email to remember items left in cart and not purchased
mailchimp.cart.current_email First-party (Mailchimp) session Mailchimp uses it to send an email to remember items left in cart and not purchased

4. Cookies preferences management

When accessing any page of the Website, there is a banner that contains a shortened policy. Inside the banner there is a link that allows you to access the management tool for preferences regarding cookies installation. Continuing the navigation, through access to another area of the website or the selection of an element of the same (such as an image or a link), you consent to the use of third-party cookies. The consent to the use of cookies is registered with a “technical cookie” feature.
Technical cookies are generated with opening and closing browser (when you log in to session) and deactivate by emptying the browser cache.
The user can manage preferences related to cookies directly within their browser and, for example, prevent third parties from installing cookies, delete cookies installed in the past, including the cookie that saves the consent to install cookies by this website. For more information see the specific help page of the web browser that you are using.
The user can exercise the following rights:
Block third-party cookies: third-party cookies are generally not necessary to navigate, so you can refuse them by default, through appropriate browser functions.
Activate the Do Not Track option: the Do Not Track option is present in most of the latest generation browsers. If activated, the website automatically ceases to collect certain navigation data.
Delete cookies directly: allows you to delete all cookies in block.

Regarding cookies installed by third parties, the User can also manage his own settings and revoke consent by visiting the relative opt out link (if available), using the tools described in the third party’s privacy policy or by contacting them directly.

5. Communication and diffusion of data

The data collected using cookies may be processed by employees and collaborators of the Owner as authorised subjects and/or system administrators. Such data may be communicated to companies that provide IT advice appointed as responsible of management.
The data collected using cookies will not be disclosed to third parties or in any other way disseminated.
The data collected using the services of third parties may be transferred outside the European Union, in particular to:

Third-party Location Privacy discipline
Google USA Privacy Shield. EU Commission’s adequacy decision 1250 of 12 July 2016.
Mailchimp USA Privacy Shield. EU Commission’s adequacy decision 1250 of 12 July 2016.
Stripe USA Privacy Shield. EU Commission’s adequacy decision 1250 of 12 July 2016.
Facebook USA Privacy Shield. EU Commission’s adequacy decision 1250 of 12 July 2016.

6. Data Controller and Data Processor

The Data Controller and Processor is ARROW LUXORY INVESTMENTS S.R.L., headquartered in Via Piero della Francesca, n. 38, 20154 Milano, VAT number 08958250964, certified email arrowluxury@legalmail.it
The Data Controller has not appointed, not being legally bound to, a Data Protection Officer.

7. Amendments to this document

This document constitutes the extended cookie policy.
It can be subject to amendments, updates and modifications. In case of changes and relevant updates these will be reported with appropriate notifications to users.