Information on Cookies pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (hereinafter also “GDPR”)

Pursuant to Article 13 of the GDPR, the following information is provided in accordance with the principle of transparency, in order to make the User aware of the characteristics and methods of the processing of Data via Cookies and other tracking tools in relation to the use of the website or the Lookalike app, (jointly, the “Platform”).

We invite all Users to also view the privacy policy present on the Platform for a complete understanding of our privacy policy and the definitions of Personal Data and User.

  1. Data Controller and Data Protection Officer

The Data Controller is Lookalike S.r.l., with registered office in Via del Gonfalone 3, 20123 Milan (MI), P.I./C.F. 11814320963, pec lookalikesrl@pec.it (the “Data Controller”).

The company has appointed a Data Protection Officer (DPO) who can be reached at the company’s address in Via del Gonfalone 3, 20123 Milan (MI) and by e-mail at dpo@lookalike.shop.

  1. Definition of “Cookies

Cookies are strings of text that the websites visited by the Users (known as “publishers” or “first parties”) or other websites or web servers (known as “third parties”) place and store on the User’s terminal device so that they can be transmitted to the same sites the next time the User visits.

Cookies perform a wide variety of important functions, including authenticating computers, monitoring sessions, storing information on specific configurations of Users accessing the server, facilitating the use of online content, etc. The same result can be achieved by using cookies to identify the User’s computer.

The same result can also be achieved through the use of other tools (so-called “active identifiers” and “passive identifiers”), which make it possible to carry out processing operations similar to those indicated above and which are subject to the same regulations. In the following, the term Cookies refers to Cookies and all similar technologies.

  1. Types of Cookies

Cookies can be distinguished on the basis of the purposes for which they are used in the following categories.

– Technical cookies are used for navigation or to provide a service requested by the User. They are not used for any other purpose and are normally installed directly by the website owner. They can be subdivided into navigation or session cookies, which guarantee normal navigation and use of the website (allowing, for example, a purchase to be made or authentication to access reserved areas) and functionality cookies, which allow the User to navigate according to a series of selected criteria (for example, language) in order to improve the service provided to him/her.

Users are not required to give their prior consent for the installation of such cookies, although they are required to provide the information set out in Article 13 of the GDPR.

– Profiling cookies are used to trace specific actions or recurring behavioral patterns in the use of the functions offered (patterns) back to specific, identified or identifiable subjects, in order to group the various profiles within homogeneous clusters of different sizes, so that the Owner can, among other things, also modulate the provision of the service in an increasingly personalized manner beyond what is strictly necessary for the provision of the service, as well as send targeted advertising messages, i.e. in line with the preferences expressed by the User when surfing the web.

-Given the particular invasiveness that such devices can have on Users’ private sphere, the legislation provides that Users must be adequately informed about the use of such devices and thus express their valid consent (art. 122, paragraph 1 of the Personal Data Protection Code).

– Analytics cookies are cookies used to assess the effectiveness of an information society service provided by a publisher, to design a website or to help measure its “traffic”, i.e. the number of visitors, also broken down by geographical area, time of day of connection or other characteristics. These identifiers may be included in the category of technical identifiers, and as such may be used without the prior consent of the interested party, only in the following cases: use solely to produce aggregate statistics and in relation to a single site or a single mobile application; masking, for those of third parties, of at least the fourth component of the IP address; refraining of third parties from combining the analytics cookies, thus minimized, with other processing (customer files or statistics of visits to other sites, for example) or from transmitting them to other third parties.

  1. Purposes for which the Platform uses Cookies

The Platform uses the Cookies shown in the table below, which also indicates the purpose and storage time:

Name

Party

Type

Expiration

CookieConsent

First

Technical

365 days

i

Third

Technical

365 days

cookiehub

First

Technical

365 days

__cf_bm

Third

Technical

1 hour

pll_language

First

Technical

365 days

keep_alive

First

Technical

1 hour

secure_customer_sig

First

Technical

365 days

localization

First

Technical

365 days

_orig_referrer

First

Analytics

14 days

_landing_page

First

Analytics

14 days

_y

First

Analytics

365 days

_s

First

Analytics

1 hour

_shopify_y

First

Analytics

365 days

_shopify_s

First

Analytics

1 hour

_spxan

First

Analytics

730 days

_spxan_gid

First

Analytics

1 day

_gat

First

Analytics

1 hour

_ttp

Third

Marketing

390 days

_shopify_sa_t

First

Marketing

1 hour

_shopify_sa_p

First

Marketing

1 hour

You can manage your preferences with regard to the different types of Cookies through the initial banner or by accessing the relevant section to review your Cookie choices.

With regard to non-technical Cookies, the legal basis of the processing is the consent of the data subject (art. 6 par. 1 lett. a) GDPR), for technical Cookies, by virtue of the function performed, their use falls within a codified hypothesis of exemption from the obligation to acquire the consent of the data subject (art. 122 of the Code); the legal basis can be found in art. 6 par. 1 lett. b) GDPR as the processing is necessary for the provision of the services provided through the Platform.

When the User visits the Platform for the first time or navigates in private mode (from an incognito navigation window), he or she will see a warning about cookies at the bottom of the screen and can either accept all cookies or set his or her preferences or choose to close the banner and continue browsing only with the default settings and therefore with only technical cookies.

Once the user has expressed his or her preference regarding cookies, the banner will not be displayed again for at least 6 months unless, before this period has elapsed, it is impossible to know whether a cookie has already been previously stored on the device in order to be transmitted again on the occasion of a subsequent visit by the same user to the site that generated it (e.g. when the user deletes cookies from his or her browser) or when one or more processing conditions change significantly, which is the case, for example, when new third parties are added.

  1. Profiling cookies

The Data Controller informs you that the Platform makes use of Cookies and mobile tracking technologies.

The profiling services used allow the Data Controller to communicate, optimise and serve advertisements based on the User’s use of the Platform. This activity is carried out through the tracking of usage data and the use of Cookies, information that is transferred to partners to which this activity is linked. These third-party tracking technologies and their use are not controlled by the Owner and the consent acquired for third-party Cookies through the Platform is covered by their privacy policies. In short, consent to the use of third-party cookies is made up of two elements, both of which are necessary: on the one hand, the presence of the banner, which generates the event that makes consent documentable and, on the other hand, the presence of updated links to the sites managed by the third parties that can be found in article 6 below, through which the User can make his or her own choices regarding the categories and subjects from which to receive profiling cookies.

  1. Third Party Cookies

As set out in the previous point, with regard to the installation of Cookies from “third party” domains, the Owner acts as a technical intermediary. The management of the information collected by third parties is governed by the relevant privacy policy, which you should refer to. For the sake of greater transparency and convenience, the web addresses of the various notices and consent forms are listed below, specifying that the Data Controller is not responsible for the operation of third-party cookies on this Platform.

https://www.shopify.com/legal/cookies
– https://www.facebook.com/help/Cookies
– https://www.linkedin.com/legal/Cookie-policy?trk=hb_ft_Cookie
– https://www.google.it/intl/en/policies/privacy/?fg=1
– https://support.twitter.com/articles/20170514
– https://www.microsoft.com/privacystatement/en-gb/core/default.aspx
– https://instagram.com/about/legal/privacy/
– http://www.hasoffers.com/privacy-policy/
– https://help.tune.com/hasoffers/the-importance-of-securing-data-in-hasoffers/
– https://www.tiktok.com/legal/privacy-policy
– https://pixabay.com/service/privacy/

As far as Google remarketing and Google Adsense are concerned, if the User does not wish to receive personalised advertising and/or wants to explicitly refuse the collection and use of his/her data, he/she can deactivate the use of Cookies by Google for these purposes by accessing Google’s advertising settings at https://adssettings.google.com and changing them according to his/her preferences. Please note that if you delete all cookies from your device, Google may store new cookies for these purposes and you may need to renew your opt-out settings. With regard to Google Analytics, you can prevent the collection of data generated by the Cookie and based on your use of the Platform (including your IP address), as well as the processing of this data by Google, by downloading and installing the plug-in at https://tools.google.com/dlpage/gaoptout?hl=en.

  1. Compulsory or optional consent, selection and blocking of cookies

The User is under no obligation to consent to the use of non-technical cookies; the User will not suffer any consequences if he or she does not accept these cookies and will still be able to use the services offered by the Platform.

The choices made by the User in relation to Cookies will be recorded in a specific technical Cookie with the characteristics set out in the relevant Cookie table.

The User’s Cookie preferences will have to be reset if different devices or browsers are used to access the Platform.

The User may also express his or her options regarding the use of Cookies by the Platform through the browser settings. The “Options” or “Preferences” section in the browser menu allows you to opt out of receiving Cookies and other tracking technologies. As each browser has slightly different functions, you should check the “help” menu of your browser to find out how to correctly change your Cookie settings so that Cookies are deleted or not saved.

It is important to remember that the complete deactivation of all Cookies, including the technical ones, may result in a malfunction of the Platform you are visiting.

  1. Storage periods

Personal Data derived from Cookies are retained only for the period necessary for the purpose for which they are processed or within the time limits provided by applicable national and EU laws, rules and regulations, in accordance with the principles of minimisation and limitation of retention set out in Article 5 of the GDPR.

The retention time for each Cookie is however indicated in the table in art. 4.

For third party Cookies, please refer to the privacy policies and timeframes established by the third party through the links above in art. 6.

  1. Recipients of Personal Data

Personal Data may be shared with the following entities.

a) Persons who typically act as data controllers under article 28 of the GDPR and process Personal Data on behalf of the Data Controller such as companies that provide maintenance services for the Platform and information systems.

b) Persons authorised to process Personal Data pursuant to Article 2 quaterdecies of the Privacy Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018) who act under the authority of the Data Controller (such as employees and collaborators) and carry out activities strictly related to the provision of the services on the Platform.

c) External parties acting as data controllers such as public security or regulatory bodies, governmental entities or judicial authorities where required by applicable law.

Personal Data will in any case only be communicated to persons who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality and will not be disclosed.

  1. Transfer of Personal Data outside the European Union

In some cases it may happen that Cookie information is processed by our commissioned service providers or third party Cookie providers in countries outside the European Union (EU) or the European Economic Area (EEA) (hereinafter “Third Party Countries”). The list of Third Countries will be updated from time to time and/or available upon request; the legitimacy of such transfer is, in any case, carried out in compliance with the appropriate and adequate safeguards for the purposes of the transfer itself and in particular in compliance with the general principle for transfer set out in Art. 44 GDPR, the existence of an adequacy decision of the European Commission pursuant to Art. 45 GDPR, of adequate safeguards pursuant to Article 46 GDPR – including the standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93(2) GDPR – and in the presence of one of the specific situations of derogation referred to in Article 49 GDPR, including the explicit consent to the transfer by the Data Subject.

  1. Rights of the interested parties

Pursuant to art. 15 et seq. of EU REG 2016/679, the User may exercise the following rights: (1) request access to their Personal Data pursuant to art. 15 of the GDPR, (2) obtain the rectification and/or integration of the Data pursuant to art. 16 of the GDPR, (3) request and obtain the deletion of the Data pursuant to and within the limits of art. 17 of the GDPR unless one of the exceptions referred to in paragraph 3 of the same art. 17 applies, (4) request and obtain the restriction of the processing pursuant to art. 18 of the GDPR, (5) obtain the portability of the Data pursuant to and within the limits of Art. 19 of the GDPR which allows the Data Subject to receive the Personal Data provided to the Controller in a structured, commonly used and machine-readable format and – under certain conditions – transmit it to another Data Controller without hindrance, (6) object, in whole or in part, to certain types of processing pursuant to Art. 21 of the GDPR, including processing for marketing and profiling purposes, (7) withdraw consent pursuant to Art. 7(3) of the GDPR without affecting the lawfulness of the processing based on the consent given prior to withdrawal, (8) file a complaint with the Supervisory Authority (Privacy Guarantor), (9) receive clear, transparent and easily understandable information on how Personal Data is used and the exercise of rights, which is why the Controller provides the information contained in this document (Art. 13 GDPR).

The exercise of rights is not subject to any formal constraints and is free of charge. All rights may be exercised by sending an appropriate request to the Data Controller at the following e-mail address: privacy@lookalike.shop.