According to current legislation on the protection of personal data (“Privacy Policy”), included in the EU Regulation 2016/679 (“GDPR”) and the Provision of the Authority for the Protection of Personal Data (“Privacy Authority”) no. 229/2014 on simplified arrangements for providing information and obtaining consent regarding cookies, ARROW LUXORY INVESTMENTS S.R.L., as the data controller (the “Data Controller”) provides you with the following information about the cookies installed on the website https://incantogourmet.com/en/ (the “Website”).
1. What are cookies?
Cookies are small text strings that the sites visited by the user send to its terminal (usually the browser), where they are stored and automatically sent back to the website to any occurrence or next access by the same user.
Some of these cookies are installed by the site manager (“first-party cookies”). While browsing a site, could also receive on his terminal cookies of different sites (“third-party cookies”), set directly from managers of such websites, on which some elements may reside (such as, for example, images, maps, sounds, specific links to other domains pages) and present on the website visited by the user.
Depending on the type and purpose of cookies, different fulfillments and purposes are provided under the law on processing personal data. Below are the types of cookies used by the Website, with its relative features, purposes and storage times.
It is specified that where the indicated retention period is the “session”, it means that the data remains for the duration of a session and is deleted when the user closes the browser used for browsing the web.
2. Technical cookies
Technical cookies allow the transmission of a communication over a electronic communication network, or to the extent strictly necessary for the provider of the information society service explicitly requested by the subscriber or user.
2.A Session or navigation technical cookies
They guarantee normal navigation and use of the website.
For such cookies, the legal basis of the processing is the legitimate interest of the Data Controller and it is not necessary to acquire the user’s consent, but is sufficient the following information on the type and purpose of cookies used by the website:
Name | Installer | Lifetime | Scope |
---|---|---|---|
woocommerce_cart_hash | First-party (woocommerce) | session | Shopping cart functioning |
woocommerce_items_in_cart | First-party (woocommerce) | session | Shopping cart functioning |
PHPSESSID | First-party (server web) | session | Allows the website to understand that when various pages are requested, it is always the same user to do so |
2.B. Functional technical cookies
They allow the user to browse according to a set of selected criteria (such as language, products selected for purchase) in order to improve the service offered to the same.
For such cookies, the legal basis of the processing is the legitimate interest of the Data Controller and it is not necessary to acquire the user’s consent, but is sufficient the following information on the type and purpose of cookies used by the website:
Name | Installer | Lifetime | Scope |
---|---|---|---|
pll_language | First-party (wordpress polylang) | 1 year | Remembers the language selected by the user |
stripe_mid | First-party (stripe) | 1 year | Order processing system with selected payment type “credit card” |
_stripe_sid | First-party (stripe) | 30 minutes | Order processing system with selected payment type “credit card” |
cookie_notice_accepted | First-party (wordpress) | 30 days | Remembers if the GDPR banner has been accepted |
wp_woocommerce_session_[HASH] | First-party (Woocommerce) | 2 days | Creates code to recover user cart from database |
wordpress_logged_in_[HASH] | First-party (WordPress) | 15 days | Helps the website understand that the user is registered |
wordpress_sec_[HASH] | First-party (WordPress) | 15 days | Serves to save customer credentials |
MCPopupClosed | First-party (Mailchimp) | 1 year | Remembers the popup menu closing choice |
m.stripe.network | Third-party (Stripe) | 2 years | Fraud prevention and detection |
js.stripe.com | Third-party (Stripe) | 2 years | Fraud prevention and detection |
mailchimp_landing_site | First-party (mailchimp) | 28 days | records the user landing page |
_ga | First-party (google) | 2 years | Recognizes users |
_gid | First-party (google) | 24 hours | Recognizes users |
_gat | First-party (google) | 2 minutes | Handles the number of requests |
AMP_TOKEN | First-party (google) | 1 year | Contains a token that can be used to recover a client ID from the ID service client AMP. Other possible values indicate “opt-out”, “inflight request” or an error in recovering a “client ID” from the “ID service client AMP”. |
_gac_[property-id] | First-party (google) | 90 days | Contains information related to the campaign for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. |
mc_cid | First-party (Mailchimp) | 14 days | Campaign identification number |
mc_eid | First-party (Mailchimp) | 14 days | E-mail identification number |
mc_landing_site | First-party (Mailchimp) | 14 days | Number of visitors entering the website |
__utma | First-party (google) | 2 years | Used to distinguish users and sessions. The cookie is created when the “javascript library” is executed and there are no existing “__utma” cookies. The cookie is updated every time the data is sent to Google Analytics. |
__utmt | First-party (google) | 10 minutes | Used to limit the “request rate” |
__utmb | First-party (google) | 30 minutes | Used to definenew sessions/visits. The cookie is created when the “javascript library” is executed and there are no existing “__utmb” cookies. The cookie is updated every time the data is sent to Google Analytics. |
__utmc | First-party (Google) | Session | Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie worked in combination with the __utmb cookie to determine whether the user was in a new session. |
__utmz | First-party (google) | 6 months | Stores the traffic source or campaign that explains how the user has reached the website. The cookie is created when the javascript library is executed. The cookie is updated every time the data is sent to Google Analytics. |
__utmv | First-party (google) | 2 years | Used to store customized variable data at the visitor level. The cookie is created when the developer uses the _setCustomVar method with variable customized at visitor level. The cookie was also used for the _setVar “deprecated” method. The cookie is updated every time the data is sent to Google Analytics. |
Analytics cookies, used directly by the administrator of the website to gather statistical information in aggregated form, to count visitors to our website and analyse their usage of the website are treated as techincal cookies. Therefore, the legal basis of the processing is the legitimate interest of the Data Controller and it is not necessary to acquire the user’s consent, but is sufficient the following information on the type and purpose of cookies used by the website.
3. Profiling cookies
The website uses profiling cookies, after obtaining consent, necessary to create user profiles in order to send advertising messages in line with the preferences expressed by the user within the pages of the Website.
The legal basis of the processing is the user consent.
Name | Installer | Lifetime | Scope |
---|---|---|---|
_fpb | First-party (Facebook) | 90 days | Facebook pixel that analyzes website activity and visitor behavior |
mailchimp_user_email | First-party (mailchimp) | 28 days | Remembers if user suscribed to the newsletter |
mailchimp.cart.previous_email | First-party (mailchimp) | session | Mailchimp uses it to send an email to remember items left in cart and not purchased |
mailchimp.cart.current_email | First-party (Mailchimp) | session | Mailchimp uses it to send an email to remember items left in cart and not purchased |
4. Cookies preferences management
When accessing any page of the Website, there is a banner that contains a shortened policy. Inside the banner there is a link that allows you to access the management tool for preferences regarding cookies installation. Continuing the navigation, through access to another area of the website or the selection of an element of the same (such as an image or a link), you consent to the use of third-party cookies. The consent to the use of cookies is registered with a “technical cookie” feature.
Technical cookies are generated with opening and closing browser (when you log in to session) and deactivate by emptying the browser cache.
The user can manage preferences related to cookies directly within their browser and, for example, prevent third parties from installing cookies, delete cookies installed in the past, including the cookie that saves the consent to install cookies by this website. For more information see the specific help page of the web browser that you are using.
The user can exercise the following rights:
Block third-party cookies: third-party cookies are generally not necessary to navigate, so you can refuse them by default, through appropriate browser functions.
Activate the Do Not Track option: the Do Not Track option is present in most of the latest generation browsers. If activated, the website automatically ceases to collect certain navigation data.
Delete cookies directly: allows you to delete all cookies in block.
Regarding cookies installed by third parties, the User can also manage his own settings and revoke consent by visiting the relative opt out link (if available), using the tools described in the third party’s privacy policy or by contacting them directly.
5. Communication and diffusion of data
The data collected using cookies may be processed by employees and collaborators of the Owner as authorised subjects and/or system administrators. Such data may be communicated to companies that provide IT advice appointed as responsible of management.
The data collected using cookies will not be disclosed to third parties or in any other way disseminated.
The data collected using the services of third parties may be transferred outside the European Union, in particular to:
Third-party | Location | Privacy discipline |
---|---|---|
USA | Privacy Shield. EU Commission’s adequacy decision 1250 of 12 July 2016. | |
Mailchimp | USA | Privacy Shield. EU Commission’s adequacy decision 1250 of 12 July 2016. |
Stripe | USA | Privacy Shield. EU Commission’s adequacy decision 1250 of 12 July 2016. |
USA | Privacy Shield. EU Commission’s adequacy decision 1250 of 12 July 2016. |
6. Data Controller and Data Processor
The Data Controller and Processor is ARROW LUXORY INVESTMENTS S.R.L., headquartered in Via Piero della Francesca, n. 38, 20154 Milano, VAT number 08958250964, certified email arrowluxury@legalmail.it
The Data Controller has not appointed, not being legally bound to, a Data Protection Officer.
7. Amendments to this document
This document constitutes the extended cookie policy.
It can be subject to amendments, updates and modifications. In case of changes and relevant updates these will be reported with appropriate notifications to users.