Cookie Policy

Cookies are small text files that websites visited by users send to their terminals (computers, tablets, smartphones), where they are stored to be retransmitted to the same sites on each subsequent visit. Cookies allow sites to recognize the user’s device, track navigation across different pages, and identify users who return to visit the site.

5.1 Types of Cookies Used by www.neperiagroup.com

• Technical Cookies (Necessary):These cookies are essential for the proper functioning of the Site and to allow the user to navigate and use its services. They do not collect user information for commercial purposes and do not require the user’s prior consent. They include:
  • Navigation or Session Cookies:Ensure normal navigation and use of the website (allowing, for example, to keep a session active).
  • Functionality Cookies:Allow the user to navigate according to a series of selected criteria (e.g., language) in order to improve the service provided.
• Third-Party Analytics Cookies (with potential anonymization mechanisms):The Site uses Google Analytics, a web analysis service provided by Google LLC (“Google”). Google Analytics uses cookies to collect and analyze information in aggregate form about site usage behavior (pages visited, time spent, geographic origin of traffic, etc.). Neperia Group S.r.l. uses this information to compile anonymous statistical reports on Site activity in order to improve it.
  • Potential Anonymization:Neperia Group S.r.l. may have activated functions to reduce the identifying power of analytical cookies (e.g., IP anonymization). When the IP is anonymized, Google undertakes not to cross-reference the partial IP address with other data held by Google. Check the cookie banner settings for details on any anonymization applied.
  • Google Information:For more information on Google Analytics and Google’s privacy management, please consult: https://policies.google.com/privacy and https://support.google.com/analytics/answer/6004245. You can disable the action of Google Analytics by installing the opt-out component provided by Google on your browser: https://tools.google.com/dlpage/gaoptout.
• Third-Party Cookies (Google Fonts):The Site may use Google Fonts, a font style visualization service managed by Google LLC, which allows this Site to integrate such content within its pages. This service may collect usage data and identifiers (such as IP address) according to Google’s policies.
  • Google Fonts Information:https://policies.google.com/privacy
• Profiling Cookies:Currently, the Site does not directly use its own profiling cookies, i.e., cookies aimed at creating user profiles in order to send advertising messages in line with the preferences expressed by the user during web navigation. However, please note that the third-party services used (such as Google Analytics and Google Fonts), if not configured with specific anonymization measures or if the user interacts with any social widgets, could in turn install profiling cookies or collect data for their own purposes, as described in their respective privacy policies.

5.2 Managing Cookies via Browser

The user can manage cookie preferences directly within their own browser and prevent – for example – third parties from installing them. Through the browser preferences, it is also possible to delete cookies installed in the past. It is important to note that disabling all cookies may compromise the functioning of this Site. Users can find information on how to manage cookies in their browser at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, Opera.

5.3 Cookie Banner and Consent

Upon first access to the Site, an information banner is displayed that allows the user to:

• Accept all cookies.
• Reject all non-essential (technical) cookies.
• Customize their choices and provide/deny consent for individual purposes or third parties.
  Choices can be changed at any time via a link accessible in the site footer or in the dedicated privacy settings.

6. Methods of Processing and Security Measures

The processing of personal data is carried out using manual, IT, and telematic tools, with logic strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data itself.

Neperia Group S.r.l. adopts specific and appropriate technical and organizational security measures to prevent data loss, illicit or incorrect use, and unauthorized access, in line with the provisions of Art. 32 of the GDPR. These measures include, by way of example:

• Physical and logical access control to systems and data.
• Use of secure communication protocols (e.g., HTTPS) for data transmission.
• Backup and disaster recovery procedures.
• Constant updating of security systems and software.
• Specific training for personnel authorized to process data.

7. Data Retention Period

Personal data are kept for the time strictly necessary to achieve the purposes for which they were collected, in compliance with the principles of minimization and storage limitation (Art. 5 GDPR) and legal obligations. Specifically:

• Navigation datado not persist for more than a limited period (except for any need to ascertain crimes by the judicial Authority).
• Data provided voluntarilyto respond to requests are kept for the time necessary to provide feedback and for any subsequent contacts strictly related to the initial request, and in any case no longer than the terms provided by law for possible defense needs or regulatory compliance (e.g., 10-year administrative-accounting retention if the request leads to a contractual relationship).
• Data processed for marketing purposesbased on consent will be kept until the consent is withdrawn by the data subject, or until the end of the period deemed appropriate based on the sector and interests (e.g., 24 months from the last significant contact, unless consent is renewed).
• Data collected via analytical cookiesare kept for the periods indicated in the third-party policies (e.g., Google Analytics).

At the end of the retention period, personal data will be deleted, destroyed, or made anonymous.

8. Data Communication and Disclosure

The personal data collected will not be subject to indiscriminate disclosure. They may be communicated to:

• Internal personnel of Neperia Group S.r.l. authorized to process data within the scope of their duties.
• External subjects who carry out activities on behalf of the Controller as Data Processors(pursuant to Art. 28 GDPR), such as: technical service providers (hosting providers, IT companies), consultants (legal, tax), marketing companies (for newsletter management, subject to consent). The updated list of Data Processors is available upon request from the Controller.
• Judicial or administrative authorities, public bodies, supervisory bodies, if required by law or regulation or upon their request.

9. International Data Transfers

Some personal data may be shared with recipients located outside the European Economic Area (EEA), for example, through the use of services such as Google Analytics or Google Fonts. In such cases, Neperia Group S.r.l. ensures that the transfer takes place in compliance with applicable regulations, namely:

• To third countries deemed adequate by the European Commission.
• Subject to the adoption of adequate safeguards (such as the Standard Contractual Clauses approved by the European Commission).
• Or based on specific derogations provided for by the GDPR (e.g., data subject’s consent).
  More information on the safeguards adopted for transfers outside the EEA can be requested from the Controller.

10. Rights of Data Subjects

As a data subject, You have the right to exercise the rights provided for in Articles 15-22 of the GDPR, and in particular:

• Right of Access (Art. 15):Obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and specific information (purposes, categories of data, recipients, retention period, etc.).
• Right to Rectification (Art. 16):Obtain the correction of inaccurate personal data concerning you without undue delay.
• Right to Erasure (‘Right to be forgotten’, Art. 17):Obtain the erasure of personal data concerning you without undue delay, in the cases provided for by law (e.g., data no longer necessary for the purposes, withdrawal of consent, unlawful processing).
• Right to Restriction of Processing (Art. 18):Obtain restriction of processing in the cases provided for (e.g., contesting the accuracy of the data, unlawful processing, objection to processing).
• Right to Data Portability (Art. 20):Receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where provided for (processing based on consent or contract and carried out by automated means).
• Right to Object (Art. 21):Object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on the legitimate interest of the Controller. Object at any time to processing for direct marketing purposes.
• Right to Withdraw Consent:Where processing is based on consent, You have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint (Art. 77):Without prejudice to any other administrative or judicial remedy, You have the right to lodge a complaint with the competent Supervisory Authority (for Italy, the Garante per la Protezione dei Dati Personali – gpdp.it) if you consider that the processing of personal data relating to you infringes the GDPR.

To exercise Your rights, you can send a written request to Neperia Group S.r.l. at the contact details indicated in point 1 (preferably to the email address privacy@neperiagroup.com or via PEC). It may be necessary to verify Your identity before proceeding with the request.