Pursuant to the current legislation on the protection of personal data (the « Privacy Regulations« ) including the EU Regulation 2016/679 (the « GDPR« ), Italian Legislative Decree 196/2003 as amended by Italian Legislative Decree 101/2018 (« Privacy Code« ), as well as the provisions of the Italian Data Protection Authority on cookies, Geico S.p.A., (the « Company » or the « Data Controller« ), as data controller, provides users (hereinafter the « Users » or, in the singular, the « User« ) with the following information regarding the cookies installed on the domain www.geico-spa.com (the “Website”).
Who is the Data Controller?
The Data Controller is Geico S.p.A., with registered office at Via Pelizza da Volpedo 109/111, Cinisello Balsamo (MI), 20092, Italy, VAT No. 00688580968, which can be contacted via the phone number +39 02 660221 or at the following e-mail address infoprivacy@geico-spa.com.
What are cookies?
Cookies are text files and numbers that are installed when browsing a website in the memory of the device (PC, smartphone or tablet) connected to the Internet through the browser application installed there.
Cookies, which are usually present in a very high number in the Users’ browsers and sometimes with characteristics of long persistence, are used for different purposes: execution of computer login, monitoring sessions, storing information on specific configurations regarding the Users who access the server, etc.
The Privacy Regulations identify the following macro-categories:
For the installation of technical cookies, the prior consent of the Users is not required;
Therefore, for the installation of profiling cookies the consent of the User is necessary, manifested after the User has been informed through simplified methods;
In particular, in order to consider analytics cookies as technical cookies, it is necessary that:
(i) analytics cookies are only used to produce aggregate statistics and in relation to a single website or mobile application;
(ii) third-party analytics cookies mask at least the fourth component of the IP address;
(iii) third parties do not combine such analytics cookies with other processing (customer files or statistics of visits to other websites, for example) or transmit them to third parties.
In addition, cookies may be installed by the Website visited by the User (the so-called « first-party cookies« ), or may be installed by other websites (the so-called « third-party cookies« ).
Finally, in terms of time, cookies can be divided into:
(i) « persistent cookies« , i.e. cookies that are permanently stored on the User’s device until they expire (minutes, days, years);
(ii) « session cookies« , i.e. cookies that are automatically deleted when the browser is closed.
Cookie settings
Please note that third-party cookies fall under the direct and exclusive liability of the third party itself.
It follows that third-party cookie providers are also obliged to comply with the Privacy Regulations.
For this reason, please refer to the links of the third party website pages, where the User can find the forms
for providing consent to cookies (where necessary) and the relevant policies.
How can the User manage and/or disable cookies?
When the User visits the Website for the first time, he/she will be informed about the type of cookies used by the
Website by means of an information banner that will immediately appear at the top of the Website page.
In the same banner, the User can manage his or her preferences regarding the installation of cookies through specific commands.
Following the display of the banner, by continuing to browse the Website, the User accepts the use of the cookies selected by the Website by default.
However, the User can change cookie settings at any time here:
Cookie settings
To whom is the data collected using cookies disclosed?
The data collected using cookies may be processed by our employees and collaborators in their capacity as persons authorised to do so under the Privacy Regulations.
Such data may also be processed by companies we trust to carry out technical and organisational tasks on behalf of the Company. These companies are our direct collaborators and operate by virtue of a specific appointment as data processors.
The list of all the appointed Data Processors involved in the processing operations through the Website is constantly updated and is available on request by sending a communication to the e-mail address infoprivacy@geico-spa.com.
Personal data collected using cookies will not be passed on to third parties and will be processed exclusively within the European Union.
Should the need arise to transfer the data outside the European Union, the Company will take care to carry out such transfers only in the presence of adequate guarantees pursuant to Art. 46 et seq. of the GDPR.
Data collected using cookies from Vimeo, [Google, Linkedin, Facebook, Youtube] may be transferred by these third parties outside the European Union, in particular to the United States of America, in accordance with the Privacy Regulations.
In any case, for further information please visit the relevant cookie policies of Vimeo, [Google, Linkedin, Facebook, Youtube] available in the section « What cookies does the Website use and for what purposes? », par. iii) of this policy.
Data collected using cookies will not be disclosed.
What rights can Users exercise?
The User will always have, in accordance with the law, the right to revoke at any time his/her consent, where given, as well as to exercise, at any time, the following rights (collectively, the « Rights« ):
In the above cases, where necessary, the Data Controller will inform the third parties to whom the User’s personal data are communicated of the possible exercise of rights, except in specific cases where this is not possible or is too costly and, in any case, in accordance with the provisions of the Privacy Regulations.
Where processing is based on consent, the Data Subject will also be entitled to revoke, at any time, any consent given, it being understood that revocation of consent will not affect the lawfulness of processing based on consent prior to revocation.
How to exercise your rights?
The User may at any time exercise his/her Rights in the following ways:
The Data Controller informs the User that, pursuant to the Privacy Regulations, he or she has the right to lodge a complaint with the competent supervisory Authority (in particular in the Member State of his or her usual residence, place of work or place of the alleged breach), if he or she deems that his or her Personal Data are being processed in a manner that would result in a breach of the GDPR.
In order to facilitate the exercise of the right to lodge a complaint, the name and contact details of the European Union Supervisory Authorities are available at the following link https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Finally, if the User intends to lodge a complaint with the Supervisory Authority competent for the Italian territory (i.e. Italian Data Protection Authority), the complaint form is available at the following link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.