Privacy and cookie policy
This policy provides users of this portal (from now on, “Portal“) with the information required by art. 13 of Reg. (EU) n. 2016/679 (hereinafter referred to as “GDPR“), accordingly with art. 122 of Legislative Decree 196/2003 (hereinafter referred to as “Privacy Code“) and Decision of Italian Data Protection Authority of 8 May 2014, “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies“, as supplemented by “Guidelines on the use of cookies and other tracking tools” of 10 June 2021 (hereinafter referred to as “Decision“).
- Identity and contact details of the data controller
The data controller is Amilon S.r.l., C.F. and P.IVA 05921090964, with registered office in via Natale Battaglia n. 12, Milan, e-mail address [email protected] (from now on, “Data Controller” or “Amilon”).
- Contact details of the Data Protection Officer (DPO)
The DPO can be contacted at the e-mail address [email protected].
- Types of data processed
a.Navigation data
The computer systems and software procedures used to operate the portal acquire, during their regular operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment.
These data, necessary for the use of web services, are also processed to:
- allow access to the portal and the use of the relative functionalities;
- to allow and monitor the correct functioning of the portal and carry out maintenance activities
- obtaining anonymous statistical information on the use of the portal;
- to ascertain possible responsibilities in case of hypothetical computer crimes against the portal and to exercise and/or defend the Controlle rights.
The legal bases of the processing carried out for the above purposes are the execution of a contract to which the interested party is a party and the pursuit of the Controller’s legitimate interest.
b. Data provided voluntarily by the user
To benefit from certain services on the portal it is necessary to provide personal data. Please refer to the specific information provided at the time of collection.
c. Information processed through cookies
The portal uses cookies.
What are cookies?
Cookies are small text files sent to the user’s terminal equipment (usually to the user’s browser) by the websites the user visits; they are stored in the user´s terminal equipment to be then re-transmitted to the websites on the user’s subsequent visits.
Types of cookies
In general, there are three different ways to classify cookies: their provenance, how long they endure, what purpose they serve.
First party and third party cookies
Unlike first-party cookies, which are put on your device directly by the website you are visiting, third-party cookies are placed on your device by a third party (like an advertiser or an analytic system).
Permanent and session cookies
Session cookies are temporary and expire once you close your browser (or once your session ends).
Persistent cookies remain on your hard drive until you erase them or your browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary.
Technical, analytical and profiling cookies
Depending on the purpose, cookies can be divided into technical cookies and profiling cookies.
Technical cookies are stored for the sole purpose of “carrying out the transmission of a communication over an electronic communication network or as strictly necessary for the supplier of an information society service explicitly requested by subscriber or user to provide the service” (see Art. 122, paragraph 1 of Privacy Code).
They are essential for you to browse the websites and use its features, such as accessing secure areas of sites (so-called “essential” or “strictly necessary”). They allow a user to navigate back and forth between pages without losing their previous actions from the same session. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies.
This category includes also “references cookies” (also known as “functionality cookies”), which allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your username and password are so that you can automatically log in.
“Statistics” or “analytical” cookies (also known as “performance cookies”) collect information about how you use a website, which pages you visited and which links you clicked on in order to improve website functions.
Pursuant to the art. 122, paragraph 1 of the Privacy Code, technical cookies do not require consent, but it should be explained to the user what they do and why they are necessary or useful.
Pursuant to the Decision, analytical cookies are equivalent to technical cookies (and, therefore, users’ consent is not required) if:
- are stored directly exclusively by the owner of the visited website with the purpose to collect aggregated information on the number of users and how they visit the website, or
- created and made available by third parties if:
- used by the first party for merely statistical purposes, where the ability to identify users is reduced (for example, through hiding significant portions of the IP address) and such data are processed just for make aggregate statistics in relation to a single site or a single mobile application (so there is no tracking of the navigation of the user on different applications or navigating different websites);
- such third parties, who provide the web measurement service, do not combine, enrich or cross-reference the data, even minimized as above, with other information available to them (e.g. customer files or statistics of visits to other sites) or transmit them to other third parties.
“Profiling” or “marketing” cookies are used to track your on line activity and behaviour for marketing purposes. They allow advertisers to create profiles of users’ preferences, habits, choices, etc. in order to deliver them targeted advertising.
These kinds of cookies can be stored on the users’ device only after they have given their consent.
Uses must be able to access the websites even if they refuse to allow the use of profiling cookies.
List of cookies and other tracking tools used by the Portal
The website uses the cookies listed below. Please note that Amilon uses the Transparency and Consent Framework 2.0 ("TCF 2.0") of the Interactive Advertising Bureau Europe (IAB Europe) association and that therefore the cookies developed by the Vendors participating in TCF 2.0 are classified according to purposes established by IAB Europe.
Technical cookies
The Portal uses cookies or other technical tools installed for the purposes indicated below, for which the prior consent of the users is not required pursuant to art. 122 of the Privacy Code.
Below, the name, purpose of use, the first or third party to which it refers and duration are reported for each cookie used.
| NAME | FIRST/THIRD PART | DESCRIPTION (PURPOSE) | DURATION |
| private_content_version | First-party (Domain: giftcardstore.it) | Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server. | 10 years |
| section_data_ids | First-party (Domain: giftcardstore.it) | Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc. | 1 hour |
| PHPSESSID | First-party (Domain: .giftcardstore.it) | Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages. | 1 hour |
| mage-cache-sessid | First-party (Domain: giftcardstore.it) | The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the Admin cleans up local storage, and sets the cookie value to true. | 1 hour |
| form_key | First-party (Domain: .giftcardstore.it) | This cookie is used to facilitate content caching on the browser to make pages load faster. | 1 hour |
| login_redirect | First-party (Domain: .giftcardstore.it) | Cookie generated by Magento | 1 hour |
| TCPID | First-party (Domain: .giftcardstore.it) | Used to identify visitors exposed to the privacy banner. TrustCommander uses this cookie to measure statistics for privacy banner usage until visitors provide consent for the TCID cookie. | 1 year |
| last_visited_store | First-party (Domain: .giftcardstore.it) | Cookie generated by Magento | 1 hour |
| X-Magento-Vary | First-party (Domain: .giftcardstore.it) | X-Magento-Vary cookie is used by Magento 2 system to highlight that version of a page requested by a user has been changed. It allows having different versions of the same page stored in cache | session |
| SERVERID | First-party (shop.giftcardstore.eu) | This Cookie is placed by HAProxy to provide load balancing functionality. | session |
Anonymized analytical cookies
The Portal uses analytical cookies created and made available by third parties to statistically analyze accesses or visits to the Portal itself, to allow the Controller to improve the structure, navigation logic and content and to collect information on the use of the Portal.
For more details and information you can visit the following link:https://support.google.com/analytics/answer/1011397
These cookies, suitably anonymized (by masking significant portions of the IP address), allow the collection of aggregate information on the number of users and how they visit the portal without being able to identify the individual user. Therefore, the prior consent of users is not required, in accordance with the provisions of the Measure.
| NAME | FIRST/THIRD PART | DESCRIPTION (PURPOSE) | Expiration |
| _ga_# | First-party (Domain: .giftcardstore.eu) | Used by Google Analytics to collect data on the number of times a user has visited the website and the dates of the first and most recent visit. | 2 years |
| _ga | First-party (Domain: .giftcardstore.eu) | It contains a unique identifier used by Google Analytics to determine that two distinct visits belong to the same user across browsing sessions. | 730 days |
On the pages below are installed the so-called "pixels" of Facebook to show personalized ads of Amilon, on Facebook. For such tools, as indicated above, the prior consent of users is required pursuant to Article 122 of the Privacy Code and in accordance with the Measure.
Below is the name of the tool, the third party to which it refers, the purpose of its use and its duration, and a link to that third party's privacy policy.
| NAME | FIRST/THIRD PART | DESCRIPTION (PURPOSE) | DURATION |
| _fbp | First-party (Domain: .giftcardstore.eu) | This cookie is installed by Meta for advertising purposes, it saves a unique identifier to show targeted advertising and to measure conversions. For further information, please visit: https://www.facebook.com/privacy/policies/cookies | 90 days |
| _fbc | First-party (Domain: .giftcardstore.eu) | This cookie is installed by Meta for advertising purposes and it is set when a user lands on the website from a Facebook Ad and the destination URL includes the parameter “fbclid”. For further information, please visit: https://www.facebook.com/privacy/policies/cookies | 730 days |
|
MUID |
This cookie is installed by Microsoft Clarity and identifies unique web browsers that visit Microsoft sites. These cookies are used for advertising, site analysis and other operational purposes. For further information, please visit: https://learn.microsoft.com/clarity/setup-and-installation/cookie-list |
390 days |
|
|
NAP |
This cookie is installed by Microsoft Clarity and stores information about how visitors use the website. The cookie contributes to the creation of an analysis report. For further information, please visit: https://learn.microsoft.com/clarity/setup-and-installation/cookie-list |
105 days |
|
|
ANON |
This cookie is installed by Microsoft Clarity and stores information about how visitors use the website. The cookie contributes to the creation of an analysis report. For further information, please visit: https://learn.microsoft.com/clarity/setup-and-installation/cookie-list |
105 days |
|
|
CLID |
This cookie is installed by Microsoft Clarity and identifies the first time a user is seen on any site that uses Clarity. For further information, please visit: https://learn.microsoft.com/clarity/setup-and-installation/cookie-list |
365 days |
|
|
MR |
This cookie is installed by Microsoft Clarity and indicates whether to update MUID. For further information, please visit: https://learn.microsoft.com/clarity/setup-and-installation/cookie-list |
7 days |
|
|
SM |
This cookie is installed by Microsoft Clarity and is used in synchronizing the MUID across Microsoft domains. For further information, please visit: https://learn.microsoft.com/clarity/setup-and-installation/cookie-list |
Session |
|
|
_clck |
This cookie is installed by Microsoft Clarity and persists the Clarity user ID and preferences, which are unique to that site and attributed to the same user ID. For further information, please visit: https://learn.microsoft.com/clarity/setup-and-installation/cookie-list |
365 days |
|
|
_clsk |
This cookie is installed by Microsoft Clarity and identifies unique web browsers that visit Microsoft sites. These cookies are used for advertising, site analysis and other operational purposes. For further information, please visit: https://learn.microsoft.com/clarity/setup-and-installation/cookie-list |
1 day |
|
|
TPC |
Identifies whether the user's browser accepts third-party cookies. For further information, please visit: https://site.adform.com/privacy-center/website-privacy/opt-out/ |
14 days |
|
|
UID |
Registers a unique user ID that recognizes the user's browser when visiting websites that use the same advertising network. The aim is to optimize the display of advertisements based on user movements and the parameters of display of advertisements to users by advertising providers. For further information, please visit: https://site.adform.com/privacy-center/website-privacy/opt-out/ |
60 days |
|
|
CM |
Identifies whether it is necessary to verify that the partner's cookie match for all tracking points. For further information, please visit: https://site.adform.com/privacy-center/website-privacy/opt-out/ |
1 day |
|
|
CT<TrackingSetupID> |
Identify last-click membership for third-party pixels on advertiser pages. For further information, please visit: https://site.adform.com/privacy-center/website-privacy/opt-out/ |
1 hour |
|
|
C |
Check if your browser accepts cookies:1 – cookies allowed2– Opt-out For further information, please visit: https://site.adform.com/privacy-center/website-privacy/opt-out/ |
C=1 – 60 daysC = 3 – 3650 days |
- Provision of data
Without prejudice to what has been indicated above regarding cookies and similar markers used on the Portal, navigation data are necessary to carry out computer and telematic protocols.
The interested party remains free to give consent or not to give consent to profiling through the tracking tools mentioned above.
- Recipients
The processing of data related to the web services of the Portal is carried out by personnel expressly authorized to do so and who have received adequate operational instructions.
The data will be communicated to Meta Platforms, Inc. who will process them for the purposes indicated in the previous art. 3 as autonomous controller.
The data may be communicated to public authorities.
Where data is transferred to countries outside the European Union (EU) or the European Economic Area (EEA) that have not been deemed adequate by the European Commission, the “transfer tools” referred to in Article 45 of the GDPR will be used, evaluating the possible provision of “supplementary measures” to ensure a level of protection substantially equivalent to that required by EU law. For more information, see the links to the privacy policy of the third parties indicated in the table.
- Procedures for granting and revoking consent for the installation of profiling cookies
The profiling cookies will be installed on your devices only after consent, expressed by selecting the “Accept” button in the banner containing the short information. Consent to the use of cookies is recorded with a special “technical cookie”.
You can always change your choice and, in particular, revoke the consent previously given, by clicking on “Cookie settings” at the bottom of each page of the Portal.
It is understood that where the user clicks on “Technical cookies only”, no profiling cookies will be installed.
Users may, however, express their options on cookies also through the settings of the browser used. Even if the web browser used by the user is set to automatically accept cookies, the user can modify the default configuration through the settings menu, deleting and/or removing all or some cookies, blocking the sending of cookies or limiting it to certain sites. Disabling, blocking cookies or deleting them may compromise the optimal use of certain areas of the Portal or prevent certain features of the same, as well as affect the operation of third party services. Below are the links to the guides to cookie management for the main browsers:
For browsers other than those listed above, it is necessary to consult the relevant guide to identify how to manage cookies.
- Data subjects’ rights
Data subjects may exercise their rights under the GDPR by sending an e-mail to [email protected]. In particular, in addition to what is pointed out in the previous paragraph, they have the right:
- to obtain the confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access the data concerning them in accordance with Article 15 GDPR,
- to obtain the rectification of inaccurate data,
- to have incomplete data completed,
- to obtain the erasure of data in the cases provided for by Article 17 GDPR (“right to be forgotten”),
- to obtain restriction of processing in the cases provided for by Article 18 GDPR,
- to object, at any time, on grounds relating to their own particular situation, to the processing carried out in the legitimate interest of the Controller,
- where the processing is based on consent or contract and is carried out by automated means, to receive the data in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (“right to data portability”);
- to lodge a complaint with the competent supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement.