Cookie Policy
Who are we and what do we do with your personal data?
XTN Cognitive Security s.r.l., located at Via Santa Caterina n. 95, 38062 Arco (TN) (hereafter also referred to as the Controller), as the data controller, is committed to maintaining the confidentiality of your personal data and ensuring its necessary protection from any event that could put it at risk of a breach.
The Controller implements policies and practices regarding the collection and use of personal data, and the exercise of your rights as recognized by the applicable legislation. The Controller takes care to update the policies and practices adopted for the protection of personal data whenever necessary, and in any case, in the event of regulatory and organizational changes that may affect the processing of your personal data.
The Controller has appointed a Data Protection Officer (DPO) whom you can contact if you have any questions about the policies and practices adopted. You can contact the DPO at the address dpo@xtn-lab.com.
- Browsing the website ‘xtncognitivesecurity.com’
- Communication to Third Parties and Recipients
The communication of your personal data is primarily directed to third parties and/or recipients whose activities are necessary for the performance of tasks related to the aforementioned purposes, as well as to meet certain legal obligations. Any communication that does not serve these purposes will be subject to your consent.
In particular, your data will be communicated to third parties/recipients for:
- The provision of services (e.g., IT service providers);
- Communications with financial administrations and public supervisory and control authorities, to whom the Data Controller must comply with specific obligations arising from the nature of the activity performed;
The personal data processed by the Data Controller for this purpose are:
- Browsing data (IP address)
- Cybersecurity Reasons
The Controller processes your personal data (e.g., IP address) or traffic data collected or obtained, including through its suppliers (third parties and/or recipients), to the extent strictly necessary and proportionate to ensure the security and capacity of a network or its connected servers to withstand, at a given security level, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal data.
To this end, the Controller has procedures in place for managing personal data breaches.
What are cookies and what purposes can they serve?
A “cookie” is a small text file created by certain websites on the user’s computer when they access a particular site, with the aim of storing and transporting information. Cookies are sent from a web server (which is the computer running the visited website) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the user’s computer; they are then sent back to the website during subsequent visits.
Some operations could not be performed without the use of cookies, which in some cases are therefore technically necessary. In other cases, the site uses cookies to facilitate and ease navigation for the user or to allow them to use specifically requested services.
Cookies can remain in the system for extended periods and may contain a unique identification code. This allows the sites that use them to track the user’s navigation within the site itself for statistical or advertising purposes, in other words, to create a personalized profile of the user based on the pages they have visited and then show and/or send them targeted advertisements (so-called Behavioural Advertising).
Which cookies are used and for what main purposes
The Owner provides below the specific categories of cookies used, their purpose, and the consequences of their de-selection:
| Cookie Type | First/Third Party | Purpose | Storage Time | Consequences of Deselection |
|---|---|---|---|---|
| Navigation Cookies | First Party | Site management. Allow the secure and efficient functioning and exploration of the website. | 1 day / 1 year | These are the cookies necessary for the use of the site; blocking them will prevent the site from functioning. |
| Third Party | Term set by the third party | |||
| Functionality Cookies | First Party | Facilitate navigation and the service provided to the user based on a set of criteria selected by the user. | 1 day / 2 years | It would not be possible to retain user choices during navigation. |
| Third Party | Term set by the third party | |||
| Analytics Cookies | First Party | Collect aggregated information about user navigation to optimize browsing experience and services. | 1 day / 2 years | The Data Controller would no longer be able to collect aggregated information. |
Third-Party Cookies
This website also operates third-party cookies, which are cookies created by a website different from the one the user is currently visiting.
In particular, users are informed that the website utilizes the following services that release cookies:
- Cookieyes is a web service that uses cookies, which are stored on the user’s computer, to enable the visited website to manage cookie consent. To review the privacy policy for this service, please refer to their website //www.cookieyes.com/privacy-policy/.
- The LinkedIn cookie is a service used to share content from the platform within the visited website. To review the privacy policy related to this service, please refer to the website //it.linkedin.com/legal/cookie-policy.
Deselection and Activation of Cookies: “Review Your Cookie Choices”
You can edit your cookie preferences by clicking on the blue icon on the bottom left corner of your screen “Cookie settings”. This button will take you back to the cookie settings modal where you can adjust your preferences.
What happens if you do not provide your data?
We encourage you to review the consequences of deselecting individual cookies as detailed in the table above.
How, where, and for how long is your data stored?
How We Handle Your Data
Personal data processing is carried out through computer procedures by internal authorized and trained personnel. These individuals are allowed access to your personal data only to the extent and within the limits necessary for performing the processing activities related to you.
The Data Controller periodically checks the tools used to process your data and the security measures in place, ensuring constant updates. They also verify, including through authorized processing parties, that no unnecessary personal data is collected, processed, archived, or stored. Additionally, they ensure that data is stored with guarantees of integrity and authenticity and used only for the purposes of the actual processing activities.
Where we process your data
Your data is stored in electronic and telematic archives, including those located outside the European Economic Area. Specifically:
– United States of America: transfers are based on adequate safeguards such as the Data Privacy Framework.
How long we process your data
– Cookies:
We encourage you to review the data retention terms as indicated in the previous table.
What are your rights?
Essentially, you can, at any time and free of charge, and without any special formalities for your request:
– Obtain confirmation of whether your data is being processed by the Data Controller;
– Access your personal data and understand its origin (when the data is not obtained directly from you), the purposes and objectives of the processing, the data of the entities to whom it is communicated, the retention period of your data or the criteria used to determine it;
– Update or rectify your personal data to ensure it is always accurate and up-to-date;
– Delete your personal data from the Data Controller’s databases and/or backup archives, if, among other reasons, it is no longer necessary for the processing purposes or if the processing is deemed unlawful, and always if the conditions prescribed by law are met; and in any case, if the processing is not justified by another equally legitimate reason;
– Limit the processing of your personal data in certain circumstances, for example, if you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. You must be informed, in a timely manner, of when the suspension period has ended or the reason for the limitation of processing has ceased, and therefore, the limitation has been lifted;
– Obtain your personal data, if received or processed by the Data Controller with your consent and/or if the processing is based on a contract and carried out with automated tools, in an electronic format, also to transfer it to another data controller.
The Data Controller must act accordingly without delay and, in any case, within one month of receiving your request. The period may be extended by two months, if necessary, considering the complexity and number of requests received by the Data Controller. In such cases, the Data Controller will inform you within one month of receiving your request and provide the reasons for the extension. To exercise your rights, please write to the address info@xtn-lab.com.
How and when can you object to the processing of your personal data?
For reasons related to your specific situation, you can object at any time to the processing of your personal data if it is based on legitimate interests, by sending your request to the Data Controller at the following address: info@xtn-lab.com.
You have the right to request the deletion of your personal data if there is no overriding legitimate reason for processing that outweighs your request.
Who can you file a complaint with?
Without prejudice to any other administrative or judicial action, you may file a complaint with the competent supervisory authority, or with the authority operating in Italy where you have your habitual residence or work, or, if different, in the Member State where the breach of Regulation (EU) 2016/679 occurred.
