Complete cookies policy information for website users

Who are we and how do we use your personal data?
The Joint Controllers TEHA Group S.p.A. and The European House – Ambrosetti S.p.A., with registered office at Via Francesco Albani 21 (20149) Milan, take the privacy of your personal data seriously and guarantee that they are sufficiently protected against any event that could jeopardize their security.
The Joint Controllers implement policies and practices concerning the collection and processing of personal data and the exercise of your rights recognized by the applicable regulations. The Joint Controllers take care to update the policies and practices applied for the protection of personal data whenever this becomes necessary and, in any case, when there are amendments to the legislation and changes within the organization that could affect the processing of your personal data.
The essential content of the joint controllership agreement entered into between the Joint Controllers can be found at www.ambrosetti.eu/privacy.
The Joint Controllers have appointed a Data Protection Officer (DPO) whom you can contact should you have any questions concerning the policies and practices adopted.
You can contact the DPO using the addresses and contact information below:

TEHA GROUP S.p.A. DPO

dpo-tehagroup@ambrosetti.eu

DPO The European House – Ambrosetti S.p.A.

dpo@ambrosetti.eu

How do the Joint Controllers collect and process your data?
Your personal data will be processed for the following purposes:

Your personal data, including browsing data, e.g., the IP address and cookies transmitted while browsing the website  www.aggiornamentopermanente.it are processed by the Joint Controllers to manage the website and gather information, including in aggregate form. Additionally, the Joint Controllers use a tracking tool, Matomo, solely for statistical purposes, which collects data in aggregate form only.
Your personal data will not be disseminated or shared indiscriminately in any form to unspecified parties.

  • Notification to third parties and recipients

Your personal data are disseminated primarily to third parties and/or recipients whose activity is required for fulfilling the activities related to the aforementioned purposes and also for meeting precise legal requirements. Any communication that does not serve these purposes will be subject to your consent.
In particular, your data will be communicated to third parties/recipients for the following purposes:

  • provision of the service (e.g. IT services providers);
  • communication to financial administrations, public supervisory and control bodies in relation to whom the Joint Controllers are required to meet specific obligations deriving from the specific nature of the activity performed;

The personal data the Joint Controllers process for these purposes are:

  • browsing data (IP address)

  • Reasons of IT security

The Joint Controllers, including via their suppliers (third parties and/or recipients),  process your personal data (e.g.,, IP address) or data pertaining to traffic collected or obtained in case of services offered on the website that are strictly necessary and proportional to ensure the security and capability of a network or servers connected with it to withstand, at a given level of security, unforeseen events or unlawful or criminal acts that would endanger the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.
To this end, the Joint Controllers put procedures in place to manage data breaches.

What are cookies and what is their primary use?
A "cookie" is a small text file created by certain websites on the user’s computer when the user accesses a site, for the purpose of storing and transmitting information. The cookies are sent by a web server (which is the computer on which the website visited is running) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the latter’s computer; they are then re-sent to the website during the user’s subsequent visits to the website.
Some operations could not be performed without the use of cookies which, in certain cases, are, therefore, technically necessary. In other cases, the site uses cookies to facilitate and streamline navigation by the user or to allow the user to access specifically requested services.
The cookies can remain in the system for long periods of time and can also contain a unique identification code. This enables the websites that use them to track the navigation of the user inside the website itself, for statistical or advertising purposes, in order to create a personalized profile of the user based on the pages visited and show or send him/her targeted advertising messages (so-called Behavioral Advertising).
Which cookies are used and for what primary purpose?
Below, the Joint Controllers have indicated the specific types of cookies utilized, their purpose and what happens if they are disabled:


TYPE OF COOKIE

FIRST/THIRD-PARTY

PURPOSE

DATA RETENTION TIME

CONSEQUENCE IF DISABLED

Technical cookies

First-party

Website management Used for the operation and safe and efficient exploration of the website 

Valid for the navigation session 

These cookies are required for the use of the website, if you block them the website will not work 

Functionality cookies (login)

First-party

Cookie that maintains the user login active 

14 days 

It would be impossible to remain logged in during navigation. The login request would be displayed for each page. 

Cookie analytics

First-party

Used to gather aggregated information on user navigation to optimize the navigation experience and the services provided.

Browsing session

It would no longer be possible for the Joint Controllers to acquire the aggregate information 

Third party cookies
This website does not run third party cookies, i.e., cookies created by a website other than the one the user is currently visiting.
Social buttons
The website www.aggiornamentopermanente.eu contains certain “buttons” (known as “social buttons/widgets”) which display the icons of social networks (e.g., Facebook, LinkedIn) and other web services (e.g., YouTube). These allow users browsing the Joint Controllers' web page to access the relevant social networks with a “click”. In this case, the social network and web services acquire the data concerning the user, while the Joint Controllers do not share any browsing information or user data acquired through their own website with the social networks and web services accessible via the social buttons/widgets. These services issue “third party cookies”. The links to the privacy notices of the most commonly used social networks and websites the buttons send users to are given below:

Disabling and enabling cookies “review your cookie preferences

What happens if you do not provide your data?

We invite you to examine the consequences of disabling individual cookies, provided in the table above.

How, where and for how long is your data stored?
How do we process your data?
Your personal data are processed via electronic procedures by specially authorized and trained internal employees. They are allowed access to your personal data in the measure and within the limits necessary for processing your personal data.
The Joint Controllers periodically audit the tools whereby your data are processed and the security measures contemplated for them, which require constant updating; the Joint Controllers verify, including via the authorized processors, that no personal data are collected, processed, filed or held unless it is necessary; regular audits ensure that the data are preserved with the guarantee of integrity and authenticity and that they are used for the purposes of the processing effectively done.
Where do we process your data?
The data are stored in computer and telematic archives located within the European Economic Area.
How long do we process your data for?
-Cookies:
Please refer to the personal data storage terms as provided in the table above.
-Website browsing:
The personal data are kept for the time required to allow the website to be browsed and in any case no longer than 36 months, except in cases in which events occur that require the intervention of the competent authorities, also in cooperation with third parties/recipients appointed to manage the Joint Controllers' data IT security activities, for the time required to investigate the causes that led to the event and to protect the interests of the Joint Controllers in relation to any liability related to the use of the website and the relative services.

What rights do you have?
In essence, at any time, free of charge and without any special procedures for making the request, you can:

  • obtain confirmation that your data are being processed by the Joint Controllers;
  • access your personal data and know the origin (when the data were not obtained from you directly), the purposes and aims of processing, the data of the subjects receiving them, the period of conservation of your data or the criteria used to determine it;
  • update or correct your personal data so that they are always exact and accurate;
  • delete your personal data from the databases and/or archives, including backup archives, of the Joint Controllers when, among other things, they are no longer necessary for the purposes for which they were processed or if said purposes are considered illegitimate, and whenever any of the conditions contemplated by law apply; and, in any case, if processing is not justified by another equally legitimate reason;
  • limit processing of your personal data to certain circumstances, such as those in which their accuracy has been challenged, for the period necessary for the Joint Controllers to check their accuracy. You must be informed, within a congruous time, also about when the period of suspension is terminated or the cause of the limitation to processing has been resolved, and the limitation revoked;
  • obtain your personal data, if received or processed by the Joint Controllers with your consent and/or if they are processed on the basis of a contract and using automated methods, in a computerized form, including for the purposes of sharing them with another controller.

In this case, the Joint Controllers must proceed without delay and, in any case, no longer than one month from receiving your request. If necessary, this deadline may be extended to two months, taking into account the complexity and number of requests received by the Joint Controllers. In such situations, within a month of receiving your request, the Joint Controllers must inform you and provide the reasons for the deadline extension. To exercise your rights, write to the address privacy@ambrosetti.eu.
How and when can you object to the processing of your personal data?
For reasons related to your personal situation, you may, at any time, object to the processing of your personal data if based on legitimate interests, by sending your request to the Joint Controllers at: privacy@ambrosetti.eu
You have the right to deletion of your personal data if there is no prevalent legitimate reason with respect to the one that originated your request.
How can you lodge a complaint?
Without prejudice to any other administrative or judicial action, you may lodge a complaint to the relevant authority operating and with jurisdiction in Italy where you regularly reside or work, or if different from the member state in which the violation of Regulation (EU) 2016/679 occurred.