In accordance with the ruling from the Italian Authority for the Protection of Personal Data (hereinafter, the “Authority”), setting out guidelines on cookies and other tracking tools, dated 10 June 2021 (hereinafter, the “Cookie Ruling”), Staganova with legal headquarters at 71-75 Shelton Street Covent Garden London WC2H 9JQ CN 15636252 (hereinafter, “Staganova”), as the owner of the Website www.staganova.com (hereinafter, the “Website”), informs users of the following.

This cookie policy, pursuant to articles 13 and 14 of European Regulation 2016/679 (hereinafter, the “Regulation”), constitutes an integral part of the privacy policy, which can be found at the following link: www.staganova.com.
 

WHAT ARE COOKIES?

Cookies are small text files that the websites visited by users send directly to their terminals (usually to the browser), where they are stored before being re-sent to the same website on the next visit by the same users (so-called first-party cookies). When browsing on a website, users may also receive cookies from other websites or web servers (so-called third-party cookies) on their terminals; this happens when the website visited contains elements such as, for example, images, maps, sounds, or specific links to web pages from other domains located on different servers from that of the page requested. In other words, these are cookies installed by a website other than the one you are actually visiting.

Cookies may have a lifespan limited to a single browsing session (so-called session cookies), in which case they are automatically disabled when the browser is closed by the user; alternatively, they may have a predetermined lifespan, in which case they will continue to be stored and active on your hard disk until their expiry date, continuing to collect information over the course of multiple browsing sessions (so-called permanent cookies). 

Cookies are used for different purposes. Some are necessary to allow you to browse the Website and use its services (so-called technical cookies). Others are used to obtain statistical information, in aggregate form or otherwise, on the number of visitors accessing the Website and how the Website is used (so-called analytics cookies). Finally, others are used to track users’ profiles and show them advertisements on the Website which may be interesting to them, as they are consistent with the user's tastes and purchasing habits (so-called profiling cookies).
 

FIRST-PARTY COOKIES

The Website uses the following types of first-party technical cookies, the installation of which does not require the users’ consent but for which Staganova is still obliged to provide adequate information:

(a)    Browsing or session cookies: necessary to allow users to browse normally within the Staganova Website and to use its services correctly; as they are not stored on users’ computers, they disappear when the browser is closed;

(b)   Functional cookies: these serve the sole purpose of improving browsing on the Website and making it faster, by memorising certain choices made by the users (such as language preferences).

Therefore, these are tools used by Staganova to ensure, among other things, efficient browsing, session stability, and the memorisation of the selected country and logged-in status throughout the entire session. They also serve to memorise the choices made by users regarding the visibility of certain elements of the page, such as banners for information or communication, for example.

The use of technical cookies and the processing associated with them does not require the prior consent of the users under the current regulations.

In any case, the latter can prevent the installation of technical cookies at any time using their browser settings, though with the knowledge that doing so may complicate, slow down and sometimes block browsing on the Website.

Staganova acts as the data controller exclusively in relation to the first-party cookies installed on the Website.

 

THIRD-PARTY COOKIES

It is possible that, while users are browsing the Website, certain cookies which are not directly controlled and managed by Staganova may be saved on their device. This happens, for example, when users visit a page which includes content from a third-party website.

In this context, it should be noted that Staganova plays no role in the processing of data derived from this type of cookie, as it is no more than a mere technical intermediary.

Third-party profiling cookies serve to display personalised advertisements on the Website and on other websites, and their functioning is based on users’ browsing activities. This type of cookie could also be used by third parties to display their products and services on the Website.

The Website also uses a number of types of third-party analytics cookies through which the following information, merely by way of example, is collected:

(a)    the number of visitors, page views, and browsing on the Website;
 

(b)    the effectiveness of campaigns to attract users based on the source of web traffic;
 

(c)    details on products viewed and possibly downloaded from the Website.

These cookies, like the purposes for which they are used outside of the Website, are the direct and exclusive responsibility of the third parties that install them on the users’ terminals. They serve to show users advertisements in line with their interests (this is the case for third-party profiling/retargeting cookies).

If users do not wish to receive third-party cookies on their terminals, they may choose not to give their consent and can, at any time, use the links provided below or the selection/deselection options within the “Cusomise”area of the cookie banner (accessible at any time using the “Change your consent” button)to opt out of receiving them.

The following table shows all the cookies used on the Website, detailing their specific characteristics and, in cases of third-party cookies, providing links to their respective privacy policies so that users can consciously decide whether to give consent to their use and which cookies to block or delete.

Cookie Settings

Nome del cookie	Tipologia (required/functional)	Finalità	Durata	Fonte e appartenenza
dwsid	Required	Identifies the current browsing session.	Current session	SFCC
sid	Required	Identifies the current browsing session. The Salesforce Reference Architecture (SFRA) uses this to determine whether to display the cookie hint content asset. Only used by SFRA and by customizations.	Current session	SFCC
dwsecuretoken_*	Required	Used with dwsid to secure the session through HTTPS. The * in the cookie name is a value unique to the site.	Current session	SFCC
dwcustomer_*	Functional	Identifies a registered shopper. Used only when the shopper selects Remember Me. (This is an optional website feature.) The * in the cookie name is a value unique to the site.	180 days	SFCC
dw_dnt*	Functional	Controls client-side JavaScript for Commerce Cloud tracking features (Analytics, Einstein, and ActiveData). Commerce Cloud sets it with each page response, based on the value of the corresponding session attribute TrackingAllowed. The value of this cookie always matches that of the Einstein __cq_dnt cookie.	Current session	SFCC
dwac_*	Functional	Stores the following data for analytics purposes: Session ID, report suite name, shopper’s customer ID, source code group ID (encoded), currency mnemonic, and time zone. The * in the cookie name is a value unique to the site.	Current session	SFCC
dwpersonalization_*	Functional	Tracks participation in A/B test groups for analytics purposes. If the shopper participated in a test, then the value is cleared when the shopper logs out. The * in the cookie name is a value unique to the site.	180 days	SFCC
dwsourcecode_*	Functional	Stores the source code for campaign and affiliate tracking. You set the lifespan of this cookie for each source code in Business Manager. The * in the cookie name is a value unique to the site.	Varies from 0-999 days	SFCC
__anact	Functional	Transfers some Analytics-related data to the front end, such as data for no-hit searches.	Ephemeral	SFCC
dw_store	Functional	The store id for the session. This is used for the Store-Specific Pricing and Promotion feature. When a shopper enters a postal or zip code, it is used to locate the nearest store and store that in this cookie to drive pricing and promo experiences.	180 days	SFCC
dw_effective_time	Functional	The effective time for the session. This is used for the Shop the Future feature. When the shopper enters an effective date (ex: for future order pick up), it is used to find the accurate pricing and promotions to display to the shopper.	Session	SFCC
_cfduid	Required	Helps Cloudflare detect malicious visitors to customers' websites and minimize blocking of legitimate users. Can be used on customers' end user devices to identify individual clients behind a shared IP address and can apply security settings on a per-client basis. This is required to support Cloudflare's security features. See Cloudflare's documentation for details on this third-party cookie.	30 days	SFCC
cqcid	Required	Hashed ID for an unregistered shopper.	Current session	SFCC(Einstein)
cquid	Required	Hashed ID for a known shopper.	Current session	SFCC(Einstein)
__cq_uuid	Functional	First-party version of the third-party uuid cookie. Contains a randomly generated user ID. Used to collect information about the shopper's activities on the merchant's own website. This information is also used for analytics purposes, including by Commerce Cloud Reports and Dashboards.	13 months	SFCC(Einstein)
__cqact	Required	Holds the queue of browser activities until they are sent.	Current session	SFCC(Einstein)
__cqviews	Required	If sessionStorage is not available, contains the most recently viewed recommendations until they are sent.	Current session	SFCC(Einstein)
__cqsviews	Required	If sessionStorage is not available, contains the products in the most recent search results until they are sent.	Current session	SFCC(Einstein)
__cqcviews	Required	If sessionStorage is not available, contains the products in the most recently viewed category page until they are sent.	Current session	SFCC(Einstein)
__cq_anchor	Required	If sessionStorage is not available, contains the anchor products for recommendations on a page.	Current session	SFCC(Einstein)
weird_get_top_level_domain	Required	Detects the root domain on the page.	Current session	SFCC(Einstein)
__cq_bc	Functional	First-party version of the bc cookie. Contains activity history, such as the last 10 products viewed by the shopper.	30 days	SFCC(Einstein)
__cq_seg	Functional	Contains inferred shopping propensity attributes and other segment attributes used in predictive sort. (First-party version)	30 days	SFCC(Einstein)
__cq_dnt	Functional	Indicates that the browser has opted out of CC Einstein tracking for this site. Commerce Cloud sets it with each page response based on the value of the corresponding session attribute TrackingAllowed. The value of this cookie always matches that of the Storefront dw_dnt* cookie.	12 months	SFCC(Einstein)
cq	Functional	(Session storage object) Tests whether sessionStorage is available.	Current session	SFCC(Einstein)
cq.anchor	Functional	(Session storage object) Contains anchor product IDs.	Current session	SFCC(Einstein)
cq.viewReco	Functional	(Session storage object) Contains the most recently viewed recommendations.	Current session	SFCC(Einstein)
cq.viewSearch	Functional	(Session storage object) Contains products from the most recent search results.	Current session	SFCC(Einstein)
cq.viewCategory	Functional	(Session storage object) Contains products from the most recently viewed category page.	Current session	SFCC(Einstein)
__cq_seg	Functional	Contains inferred shopping propensity attributes. Third-party cookie set on .cquotient.com.	30 days	SFCC(Einstein)
uuid	Functional	Third-party version of the first-party __cq_uuid cookie set on .cquotient.com. Contains a randomly generated user ID. Used to track data for analytics purposes, including Commerce Cloud's own analytics as described in the Trust & Compliance documentation, such as Commerce Cloud Reports and Dashboards.	30 days	SFCC(Einstein)
bc	Functional	Contains activity history, such as the last 10 products viewed by the shopper. Third-party cookie set on .cquotient.com.	30 days	SFCC(Einstein)
__cq_recoUUID	Functional	Tracks the recommendation request so that a click can be attributed to it.	Current session	SFCC(Einstein)
__cq_banditPrediction	Functional	Tracks the contextual bandit response so that a click can be attributed to it.	Current session	SFCC(Einstein)

 

COOKIE MANAGEMENT AND CONSENT

When visiting the Website for the first time, users may (i) accept all cookies by clicking on the “Accept All” button; (ii) refuse all cookies, keeping just the default settings, which only allow the use of the technical cookies necessary for the Website to function; or (iii) select only certain cookies and certain purposes on a one-by-one basis, by clicking on “Customise” and interacting with the cookie banner which is displayed on the first visit and again after six months. 

In all other cases and with each subsequent visit to the Website, users can withdraw or change their consent to the installation of unnecessary cookies by clicking on the “Cookie Policy” link at the bottom of each page of the Website and on the “Change your consent | Withdraw your consent” button that precedes the cookie table.

Moreover, given that most browsers are programmed in such a way as to accept cookies automatically, users can choose not to receive them by accessing their browser settings and disabling their use, following the procedures described at the links below:
 

Internet Explorer:    http://windows.microsoft.com/it-it/windows7/block-enable-or-allow-cookies

Mozilla Firefox:    https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie

Google Chrome:    https://support.google.com/accounts/answer/61416?hl=it

Safari:    https://support.apple.com/it-it/HT201265

Opera:    http://help.opera.com/Windows/10.00/it/cookies.html
 

For more information about cookies, you can go to the website www.youronlinechoices.com (exclusively for the services supported by that platform) to get information on how to delete or manage cookies based on the browser used and how to set preferences for the use of third-party cookies. www.youronlinechoices.eu/it/

Your Online Choices is a website managed by the non-profit association European Interactive Digital Advertising Alliance (EDAA). The Italian-language version can be accessed at the address www.youronlinechoices.eu/it/. It provides information on behavioural advertising based on profiling cookies (http://www.youronlinechoices.com/it/a-proposito) and enables Internet users to easily opt out of the installation of the main profiling cookies installed by advertisers and used on the Internet (http://www.youronlinechoices.com/it/le-tue-scelte). Before using this tool, we advise users to read the general conditions of the Your Online Choices website carefully (http://www.youronlinechoices.com/it/condizioni-generali-di-servizio), as well as the frequently asked questions (FAQ) (http://www.youronlinechoices.com/it/faqs) and the users’ guide (http://www.youronlinechoices.com/it/help). 

Users must use Your Online Choices with caution. Indeed, while Your Online Choices brings together many of the advertising world’s leading companies that use cookies, some of the third parties that install cookies through the Website may not be covered by Your Online Choices. Therefore, using Your Online Choices does not guarantee that you will receive third-party cookies when surfing the Website. You should also note that if you delete all cookies from your browser, the technical cookies installed by Your Online Choices itself to remember its users’ preferences may also be deleted, making the third-party cookies active again. 
To disable analytics cookies and prevent Google Analytics from collecting browsing data, users can download the browser add-on for opting out of Google Analytics: https://tools.google.com/dlpage/gaoptout.

Staganova stores and records users’ preferences in relation to cookies thanks to a special technical cookie with the characteristics indicated in the table above.   
 

PROCESSING METHODS AND DATA STORAGE PERIODS

As described in the introduction to this policy, Staganova collects and processes certain personal data belonging to users through the cookies that it installs directly on the Website (first-party cookies). Staganova is the data controller for such data, in accordance with the provisions of European Regulation 2016/679 (GDPR). Staganova shall only process users’ data with electronic tools, in a completely automated manner.

The personal data processed may be stored on servers managed by third parties (e.g. IT system providers) or may be communicated to parties that specialise in online advertising, which shall act as data processors for Staganova based on special contracts. Staganova hereby informs users that, in accordance with the prerequisites and guarantees set out in the Regulation, users’ data may be transferred to countries outside of Europe. In such cases, Staganova shall adopt suitable safeguards to protect their confidentiality. Personal data shall not be disseminated. The data may be made accessible to group companies controlled directly or indirectly by Staganova, which shall act as data processors.

Personal data belonging to users of the Website shall be stored for the time strictly necessary to achieve the primary purposes detailed in this policy or, in any case, as necessary to protect the rights of data subjects and users, and those of Staganova itself.
 

USERS’ RIGHTS

In order to exercise their rights or obtain information or clarifications in relation to this Cookie Policy, users may contact Staganova as follows:
• By sending a registered letter with return receipt to the legal headquarters (Strada S. Lucia, 71, 06125 Perugia - Italy);
• By sending an email to ecare@staganova.com.

Users have the right to access their personal data and to request a copy thereof, and the right to know: (i) where their personal data came from; (ii) the purposes and methods of processing; (iii) the processing logic applied, in the case that it is handled with the use of electronic tools; (iv) the contact information for the controller and the processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to know them through their roles as designated or authorised parties.

Moreover, users have the right to have:
a) access to the data, and to have the data updated, corrected and, where there is good reason, completed;
b) data processed in violation of the law deleted, made anonymous or blocked, including any data that do not need to be stored in relation to the purposes for which they were collected or subsequently processed;
c) assurance that the operations referred to in letters a) and b) — including their content — have been brought to the attention of those to whom the data have been communicated or spread, except in cases in which this is impossible or requires an effort that is clearly disproportionate to the right being protected.

Users may:
a) withdraw consent at any time, in cases where processing is based on their consent;
b) (where applicable) exercise their right to data portability (the right to receive all personal data regarding them in a structured, commonly used and machine-readable format), their right to the restriction of the processing of their personal data, and their right to erasure (the “right to be forgotten”);
c) exercise the right to object:
i) in whole or in part, for legitimate reasons, to the processing of personal data about them even if pertinent to the purposes for which they were collected;
ii) in whole or in part, to the processing of personal data about them for the purposes of sending advertising material, direct sales, carrying out market research or for commercial communications;
d) lodge a complaint with a supervisory Authority (in the member state in which they are habitually resident, that in which they work or that in which the alleged violation took place) if they believe that processing regarding them violates the Regulation. The Italian supervisory Authority is the Authority for the Protection of Personal Data, with headquarters in Rome, Italy (http://www.garanteprivacy.it/).

Staganova is not responsible for updating all the links visible in this Cookie Policy; therefore, whenever a link does not work or has not been updated, users acknowledge and accept that they must always refer to the document and/or section of the websites referenced by such links.