Privacy notice for users on the use of cookies

Pursuant to the legislation applicable to protection of personal data (“Privacy Legislation”), including EU Regulation 2016/679 (“GDPR”), Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (“Privacy Code”), as well as the measures of the Italian Data Protection Authority on cookies, Morri Rossetti e Associati – Studio Legale e Tributario (hereinafter, “Morri Rossetti”, or the “Data Controller”), as data controller, provides users (hereinafter the “Users” or in the singular, the “User”) with the following information regarding cookies installed on the following domain www.morrirossetti.it (the “Website”).

Who is the Data Controller?

The Data Controller is Morri Rossetti e Associati – Studio Legale e Tributario with registered office in Milano, Piazza Eleonora Duse no. 2, 20122, fiscal code no. 04110250968 to be contacted at the following number +39 02 760 7971 or at the following e-mail address: info.privacy@morrirossetti.it.

The Data Protection Officer can be contacted at the following e-mail address: dpo.privacy@morrirossetti.it.

What are cookies?

Cookies are text files and numbers that are installed while browsing on a website, in the memory of the device (PC, smartphone or tablet) connected to the Internet through the browser application installed therein.

Cookies, which are usually present in substantial numbers in users’ browsers and sometimes also with wide temporal persistence, are used for several purposes such as, by way of example and not limited to, for IT authentication, for monitoring of browsing sessions, for storage of information on specific user configurations in accessing a given server, etc.

The Privacy Legislation identifies the following macro-categories of cookies:

  1. Technical cookies”, which are used to carry out browsing or to provide a service requested by the user. Such cookies are not used for further purposes and are usually installed directly by the website’s owner or manager. In addition, these cookies can be grouped into:
    1. browsing or session cookies, which guarantee the normal browsing and use of a website (allowing, for example, to purchase items online or authenticate to access certain sections);
    2. functional cookies, which allow users to navigate as a function of certain pre-determined criteria (such as, for example, language, products selected for purchase) in order to improve the quality of service provided to the same.
      For the installation of technical cookies, the users’ prior consent is not necessary;
  2. Analytics cookies”, which are used to monitor the use of a website by Users for optimization purposes (number of visitors, pages browsed, time spent on a website, etc.).
    In order for analytics cookies to be equated to technical cookies, it is necessary that they are realized and used directly by the first party website (without the intervention of third parties) to improve its usability and it is necessary to prevent the possibility that, through their use, direct identification of data subjects is achieved, which is tantamount to preventing the use of analytics cookies that, due to their characteristics, can work as direct, unique identifiers of users.
    In order to consider analytics cookies, including third party cookies, as technical cookies, it is necessary that: (i) analytics cookies are only used for the production of aggregated statistics and in relation to a single website or a single mobile application, so as not to allow tracking an individual’s navigation across different applications or websites; (ii) at least, for third-party analytics cookies, the fourth component of the IP address is masked out; (iii) the third parties refrain from match such analytics cookies with any other information (such as customer records or statistics concerning visits to other websites) or from forwarding them to third parties.
    For the installation of analytics cookies which can be assimilated to technical cookies, the users’ prior consent is not required; where, however, analytics cookies cannot be assimilated to technical cookies, the users’ consent to their installation is then required;
  3. Profiling cookie”, which are intended to create user’s profiles and are used to send targeted advertising messages in line with the preferences expressed by the user in the context of his/her web-browsing activities. Due to the particular invasiveness that these cookies may have on the private sphere of the users, the Privacy Legislation provides that user shall be adequately informed about the use of such cookies and express his/her valid consent for the installation of the same.
    For the installation of profiling cookies, the users’ prior consent is therefore necessary, which should be provided after the user has been informed in a simplified manner;

Moreover, cookies may be installed directly by the website visited by the user (s.c. “first party cookies”), or they may be installed by other websites (s.c. “third party cookies”).

Lastly, under the temporal prospective, cookies can be divided into: (i) “persistent cookies”, i.e. cookies that are permanently stored on the user’s device until a predetermined expiry date (minutes, days, years); (ii) “session cookies”, i.e. cookies that are automatically deleted when closing the browser.

What cookies does the Website use and for what purposes?

When the User connects to the Website, the following cookies may be installed on the User’s device:

(i) Technical cookies

These cookies are necessary in order to allow the operation of the Website and cannot be deactivated within Morri Rossetti's systems. They are usually set only in response to actions taken by the User that constitute a service request, such as setting privacy preferences, logging in, or filling out forms. It is possible to set the browser so that it blocks these cookies but, as a result, some parts of the Website will not work properly. These cookies do not store any personal data.

Cookie Duration Purposes Domain
adm_2_0 o sglogin session user authentication management cookie whose purpose is to maintain knowledge of the authenticated user profile (i.e., user who has registered by accepting the privacy document and subsequently explicitly authenticated at least once on the site with username and password) and thus enable the enjoyment of content reserved for the User First part / site domain
ASP.NET_SessionId session session cookie (i.e., it expires and then removed from the browser when the browser is closed), is a technical cookie intended to speed up the navigation of the site First part / site domain
BNES_* session Functional cookies for site security management First part / site domain
CookieSetting o sg_CookiePolicy o PrivacyCookie 6 months Used to store acknowledgement of privacy notice First part / site domain
sgLang 6 months user language preferences First part / site domain


(ii) First and third party analytics cookies that can be assimilated to technical cookies

These first-party and third-party cookies, as far as they can be assimilated to technical cookies, allow Morri Rossetti to count visits and traffic sources so that it can measure and improve the performance of the Website. They help Morri Rossetti knowing which pages are the most and least popular and see how visitors navigate around the Website. All information collected by cookies is aggregate and therefore anonymous.

Cookie Duration Purposes Domain
_pk_id* 1 year Is used to count the visits made by the browser to the site. It is incremented with each visit made and also contains the date-time of the last visit. The default setting is for the cookie to be valid for two years. First part / site domain
_pk_ses* 30 minutes Is used in combination with the previous one to manage the count increment. It is a cookie whose validity is 30 minutes. First part / site domain
_pk_ref* 6 months Is used to track provenance on the website from from third-party sites. It contains the url of the originating website. The standard setting is for a cookie validity date of 6 months. First part / site domain
_pk_cvar* variable Potential custom variables First part / site domain
_pk_test* session Used to verify cookie support by the browser First part / site domain


How can the User manage and/or deactivate cookies?

When the User visits the Website for the first time, he/she will be informed about the type of cookies used by the Website by means of an information banner that appears immediately at the top of the Website. Following the display of the banner, by continuing to browse the Website, the User accepts the use of cookies selected by the Website (such as, for example, technical cookies).

However, it is always possible to modify the cookie settings at any time by following the procedures outlined in this privacy notice. Please note that disabling cookies may affect the use and operation of the Website.

How can the User manage his/her cookie preferences through the browser?

Each browser allows the User to limit and delete cookies. The User can manage cookie preferences directly in his/her browser and prevent - for example - the installation of third-party cookies.

Please find below the procedure to deactivate the cookies directly through the configuration settings of the main browser applications:

Internet Explorer
  1. Open Internet Explorer;
  2. Click on the “Tools” button and then on “Internet Options”;
  3. Select the "Privacy" tab and, under "Settings," select "Advanced," then choose whether to accept, block, or be prompted for first-party or third-party cookies.
Microsoft Edge
  1. Open Microsoft Edge;
  2. Select "Settings and More" in the upper right corner of the browser window;
  3. Select "Settings," then select "Privacy, Search and Services."
  4. Select "Choose items to delete" under "Clear browsing data" and then "Clear browsing data now."
  5. Select a time range in "Time range";
  6. Select "Cookies and other site data," then "Delete now."
Google Chrome
  1. Open Google Chrome;
  2. Click, in the upper right corner, on the button   and then select "Settings."
  3. In the "Privacy and Security" section, click on "Cookies and other site data."
  4. In the opened tab you can select an option (i.e. accept all cookies, block all cookies, block third-party cookies in incognito browsing modes, block third-party cookies) and save your preferences.
Firefox
  1. Open Firefox;
  2. Press on the menu button  , top right, and then select "Settings."
  3. Then select the "Privacy and Security" tab;
  4. In the "Advanced Anti-Tracking Protection" section, select the "Custom" option and check the "Cookies" box;
  5. Use the drop-down menu to select the types of cookies to block (i.e. cookies from unvisited websites, all third-party cookies, or all cookies);
  6. Close the "about: preferences" page, the changes made will be saved automatically.
Opera
  1. Open Opera;
  2. Click on "Settings" in the browser menu and select "Go to full settings."
  3. Select the "Confidentiality & Security" item and then click on "Site Setting."
  4. Click on "Cookies and Site Data" and select your preferences (i.e. accept all cookies, block third-party cookies in private mode, block third-party cookies, block all cookies), the changes you make will be saved automatically.
Safari
  1. Open Safari;
  2. Choose "Preferences" in the toolbar, then select the "Privacy" panel in the dialog box that follows;
  3. In the "Accept Cookies" section you can specify if and when Safari should save cookies from websites. For more information click on the "Help" button (marked with a question mark);
  4. For more information about the cookies that are stored on your computer, click on "Show Cookies".

After these operations, however, some functions of the Website may not be performed and/or work properly.

With whom are the data collected by using cookies shared?

The data collected by using cookies may be processed by Morri Rossetti’s personnel, in their capacity as authorized persons pursuant to the Privacy Legislation.

Such data may also be processed by companies which carry out technical and organizational activities on behalf of Morri Rossetti. These companies are direct collaborators of Morri Rossetti and operate by virtue of a specific deed of appointment as data processors.

The list of all named data processors involved in processing operations through the Website is constantly updated and is available upon request by sending a communication to the e-mail address info.privacy@morrirossetti.it.

Personal data collected by using cookies will not be shared to third parties and will be processed exclusively within the European Union. Should the need to transfer data outside the European Union arise, Morri Rossetti will ensure that such transfers are carried out only in presence of appropriate safeguards pursuant to Article 46 et seq. of the GDPR.

Data collected by using cookies will not be disseminated.

Please note that if third party cookies are used, the third party cookies fall under the direct and exclusive responsibility of the third party itself. It follows that third-party cookie providers are also obliged to comply with the Privacy Legislation. For this reason, where necessary, please refer to the links to the web pages of the third party's website, where the User can find the cookie consent collection forms (where necessary) and their related disclosures.

What rights can User exercise?

The User will always have, in accordance with the law, the right to withdraw at any time his/her consent, where given, as well as to exercise, at any time, the following rights:

  • the “right of access” i.e. the right to obtain confirmation as to whether or not personal data concerning the User are being processed and the communication of such data in an intelligible form;
  • the “right to rectification” i.e. the right to request the rectification or, if interested, the integration of personal data;
  • the “right to erasure” i.e. the right to request the erasure or the anonymization of personal data that have been processed unlawfully, including data whose storage is unnecessary for the purposes for which they were collected or further processed;
  • the “right to restriction of processing” i.e. the right to obtain from the Data Controller the limitation of the processing in certain cases provided for under the Privacy Legislation;
  •  the right to request the Data Controller to indicate the recipients to whom it has notified any rectification or erasure or restriction of processing (carried out in accordance with Articles 16, 17 and 18 GDPR, in fulfillment of the notification obligation unless this proves impossible or involves disproportionate effort);
  • the “right to data portability” i.e. the right to receive (or transmit directly to another data controller) personal data in a structured, commonly used and machine-readable format;
  •  the “right to object”, i.e. the right to object, in whole or in part:
    • the processing of personal data carried out by the Data Controller for its own legitimate interest;
    • the processing of personal data carried out by the Data Controller for direct marketing or profiling purposes.

In the above cases, where necessary, the Data Controller will inform the third parties to whom the User's personal data has been disclosed of the his/her exercise of rights, unless it is not possible or is too onerous and, in any case, in accordance with the provisions of the Privacy Legislation.

Where processing is based on consent, the User is also entitled to withdraw, at any time, any consent given, whereby it is understood that the withdrawal of consent shall not affect the lawfulness of the processing based on consent given prior to the withdrawal.

How to exercise your rights?

The User is entitled to exercise his/her rights at any time in the following manner:

  • by e-mail, to the following e-mail address: info.privacy@Morrirossetti.it;
  • via ordinary post, to the address of the registered office of Morri Rossetti and Associates: Piazza Eleonora Duse 2, 20122, Milano.

The Data Controller hereby informs the User that, pursuant to the Privacy Legislation, he/she has the right to lodge a complaint with the competent supervisory authority (in particular in the Member State of User’s habitual residence, place of work or place of the alleged breach), if he/she is of the opinion that his/her personal data are being processed in a way that would lead to breaches of the GDPR.

In order to facilitate the exercise of the right to lodge a complaint, the name and contact details of the European Union Supervisory Authority are available at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Lastly, should the User wish to lodge a complaint with the Supervisory Authority having competence for the Italian territory (i.e. “Autorità Garante per la protezione dei dati personali”), the same can use the complaint form available at the following link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.