The regulation on the use of cookies and other similar tools (web beacons/web bugs, clear GIF, etc.) on users’ terminals (personal computers, notebooks, tablets, PCs, smartphones, etc.) has been recently changed to comply with Directive 2009/136, which modified the “e-Privacy” Directive (2002/58/EC), and the “Simplified arrangements to provide information and obtain consent regarding cookies – 8 May 2014”.
Cookies are small strings of text that websites send to their users’ terminals (usually to the browser), where they are memorised and resent to the same websites on their users’ next visit. Cookies are used for authentication purposes, session monitoring and to memorises specific information regarding the users who access the server and normally are saved in large numbers on users’ browsers.

The cookies used by
• Ensure a smooth navigation from one page of the website to another.
• Memorise visitors’ username and preferences.
• Avoid the need of entering the same information (such as username and password) multiple times during the same visit.
• Record the services used by users to optimise their navigation experience and improve the services offered.
• Display personalized advertising messages based on the interests and the browsing patterns shown by users.

These functionalities are divided into different categories:
1. Technical cookies
2. Analytical cookies uses the following types of cookies:

 1. Technical cookies

They are required for the correct functioning of certain areas of the website and include persistent and session cookies. Without these cookies, the website, or sections of it, may not work properly. Therefore, they are always used, independently from users’ preference settings.


 2. Analytical cookies

They are used to collect information on how visitors use the website.

The Data Controller uses this information for statistical purposes, to improve the website, make it more user-friendly and monitor its correct functioning.
These types of cookies collect information on users’ browsing activities on the website www, in an anonymous and aggregated format.
Cookies are installed directly by the Data Controller for functional and analytical purposes (“analytical cookies”). The installation does not require users’ explicit consent, only notification of their use.

How to disable technical and analytical cookies

To install these cookies the Data Controller does not require explicit consent from users. They may be blocked as explained in the following paragraphs, however, this may affect the usability of certain sections of the website.

Within the meaning of article 12 et seq. of the GDPR, users may object to the use of this type of cookies in the ways explained below.

The functionality and the options to limit or block cookies may be adjusted by changing the internet browser settings.

Most browsers are set to accept cookies by default. However, users may change these settings and block cookies or choose to be notified every time cookies are sent to their device.

There are different ways of managing cookies. To this end we recommend referring to the instruction manual or the browser’s on-screen help to find out how to change the settings.

Users may change the default settings and deactivate cookies (block them for good) by setting the highest protection available. Below you will find the steps to follow to manage cookies on the most popular browsers.

If users access the internet using different devices (e.g. computers, smartphones, tablets, etc.), they must make sure to change their cookie preferences on the browser of each device. To delete cookies from the browser of their smartphone/tablet, users should refer to the user manual of each device.

Internet Explorer –

Safari –

Chrome –

Firefox –

Manage notification preferences
• Rules for the deactivation of Behavioural Advertising
• Add-on to deactivate Google Analytics


Cookie Policy and Consent
Frequently Asked Questions

1. What are cookies?

Cookies are small strings of text that websites send to their users’ terminals where they are memorised and resent to the same websites on their users’ next visit. “Third-party” cookies, however, are set by a different website from the one that the user is browsing. This is because a website may include elements (images, maps, sounds, specific links to pages on other websites, etc.) stored on different servers.

2. What are they used for?

Cookies are used for different purposes: authentication, session monitoring, saving specific configurations pertaining to the users who access the server, saving preferences, etc.

3. What are “technical” cookies?





They are cookies required to browse the website or provide a service requested by the user. These cookies are not used for any other purpose and are normally installed by the website operator.
Without these cookies, some actions would not be possible or would be more complicated and/or less secure, for example, home banking (viewing a statements of account, making a bank transfer, paying a bill, etc.), for which the use of cookies to identify and save the user’s ID during the entire session is essential.

4. Are analytical cookies “technical” cookies?

No. The Data Protection Authority (cf. decision of 8 May 2014) has specified that analytical cookies can be considered technical cookies only if used directly by the website operator to optimise the website, in order to collect aggregated information on the number of users and how they visit the website. Only if they meet these conditions, the rules applicable to technical cookies – in terms of notification and consent – will apply also to analytical cookies.

5. What are “profiling” cookies?

These are cookies used to trace users’ navigation patterns and create profiles based on their tastes, habits, choices, etc. Thanks to these cookies promotional messages based on the preferences expressed during navigation can be sent to the users’ terminals.

6. Is consent required to install cookies on users’ terminals?

It depends on the purposes for which cookies are used and on whether they are “technical” or “profiling” cookies.
Users’ consent is not required to install technical cookies; however, users must be informed of their use (article 13 Data Protection Code). On the other hand, profiling cookies may be installed on users’ terminals only if users have provided their explicit consent after having been informed via simplified procedures.

7. How should the website operator provide simplified information and request users’ consent to use profiling cookies?

As disposed by the Data Protection Authority in the decision mentioned in question n. 4, the provision of information must have two formats.


When users access a website (on the home page or any other page), they must immediately see a banner showing an abridged version of the cookie policy, the request for their consent and a link to an unabridged version of the policy. On that page users will find more detailed information on cookies and choose which ones they want to consent to.

8. What characteristics should the banner have?

The banner must cover part of the content on the page users are visiting. Only by taking action, i.e. selecting an element on the page below, users will be able to hide the banner.

9. What information should appear on the banner?

The banner must inform users that the website uses profiling cookies, including third-party cookies, that allow to send advertising messages based on their preferences.
It must contain a link to the unabridged policy and inform users that via that link they may deny consent to the use of all cookies.
It must specify that by “ignoring” the banner and continuing to use the website they consent to the website’s use of cookies.

10. How can the acquisition of the consent provided via the banner be documented?

To keep a record of the acquisition of the consent, the Website Operator must use a technical cookie, a not particularly invasive system, which does not require consent.
With this “documentation”, there is no need for the abridged version of the policy to be shown on users’ second visit; in any case, users will have the ability to deny their consent and/or change the options selected, easily and at any time, for example, by accessing the unabridged policy, which must be reachable via a link on every page of the website.

11. Can consent to the use of cookies be asked only via a banner?

No. Website operators may use alternative methods other than the one suggested by the Data Protection Authority in the above-mentioned provision, as long as they meet all the requirements set by the law.

12. Do website operators who use only technical cookies need to show the banner?



No. In this case, website operators may inform users as they deem appropriate, for example, by including the information in the website’s privacy policy.

13. What must the unabridged policy contain?

It must contain all the information required by law, describe in detail the cookies’ characteristics and purposes and allow users to select/deselect individual cookies.
It must contain an up-to-date link to the consent forms of the third parties with whom the website operator has agreed the installation of cookies on their website.
Lastly, it must mention that users can set their cookie preferences from their browser settings.

14. Who must provide the policy and request users’ consent for the use of cookies?

The website operator who installs profiling cookies.
With regard to third-party cookies installed via the website, it is the duty of the third party to inform users, however, the website operator, as technical intermediary between the third-party and users, is required to include up-to-date links to the third-party consent forms.

15. Must the use of cookies be notified to the Data Protection Authority?

The use of profiling cookies, which are normally persistent, must be notified; the use of cookies that serve different purposes and fall into the technical cookie category, does not need to be notified to the Data Protection Authority.

16. When do the measures introduced by the Data Protection Authority with the dispositions of 8 May 2014 come into effect?

The Data Protection Authority has set a one-year transition period from the date of the publication of the disposition in the Italian Official Gazette, to allow all website operators enough time to comply. This period will end on 2 June 2015.