Pursuant to the current legislation on the protection of personal data (the “Privacy Regulations“) including the EU Regulation 2016/679 (the “GDPR“), Italian Legislative Decree 196/2003 as amended by Italian Legislative Decree 101/2018 (“Privacy Code“), as well as the provisions of the Italian Data Protection Authority on cookies, Geico S.p.A., (the “Company” or the “Data Controller“), as data controller, provides users (hereinafter the “Users” or, in the singular, the “User“) with the following information regarding the cookies installed on the domain www.geicotaikisha.com (the “Website”).

Who is the Data Controller?
The Data Controller is Geico S.p.A., with registered office at Via Pelizza da Volpedo 109/111, Cinisello Balsamo (MI), 20092, Italy, VAT No. 00688580968, which can be contacted via the phone number +39 02 660221 or at the following e-mail address infoprivacy@geicotaikisha.com.

What are cookies?
Cookies are text files and numbers that are installed when browsing a website in the memory of the device (PC, smartphone or tablet) connected to the Internet through the browser application installed there.
Cookies, which are usually present in a very high number in the Users’ browsers and sometimes with characteristics of long persistence, are used for different purposes: execution of computer login, monitoring sessions, storing information on specific configurations regarding the Users who access the server, etc.

The Privacy Regulations identify the following macro-categories:

• “technical cookies”, are those cookies used to browse or to provide a service requested by the User.
  These cookies are not used for any other purpose and are normally installed directly by the owner or operator of the Website.
  In addition, these cookies can be divided into:
• navigation or session cookies, which guarantee normal browsing and use of the website (allowing, for example, to make a purchase or log in to access personal areas);
• functionality cookies, which allow the User to browse according to a series of selected criteria (for example, language, products selected for purchase) in order to improve the service provided to the same.

For the installation of technical cookies, the prior consent of the Users is not required;

• “profiling cookies”, are cookies designed to create profiles of the User and are used to send advertising messages in line with the preferences expressed by the User while browsing the web. Due to the fact that such devices can be very intrusive with reference to the private data of the Users, the Privacy Regulations provide that the User must be adequately informed about the use of such devices and thus express his/her valid consent.

Therefore, for the installation of profiling cookies the consent of the User is necessary, manifested after the User has been informed through simplified methods;

• “analytics cookies”, are used to monitor the use of the Website by Users for purposes of optimisation of the same (number of visitors, pages visited, time spent on the Website, etc.). These can be assimilated to technical cookies only when they are created and used directly by the first party website (without the intervention of any third parties).

In particular, in order to consider analytics cookies as technical cookies, it is necessary that:
(i) analytics cookies are only used to produce aggregate statistics and in relation to a single website or mobile application;
(ii) third-party analytics cookies mask at least the fourth component of the IP address;
(iii) third parties do not combine such analytics cookies with other processing (customer files or statistics of visits to other websites, for example) or transmit them to third parties.

In addition, cookies may be installed by the Website visited by the User (the so-called “first-party cookies“), or may be installed by other websites (the so-called “third-party cookies“).

Finally, in terms of time, cookies can be divided into:
(i) “persistent cookies“, i.e. cookies that are permanently stored on the User’s device until they expire (minutes, days, years);
(ii) “session cookies“, i.e. cookies that are automatically deleted when the browser is closed.

Cookie settings

Please note that third-party cookies fall under the direct and exclusive liability of the third party itself.
It follows that third-party cookie providers are also obliged to comply with the Privacy Regulations.
For this reason, please refer to the links of the third party website pages, where the User can find the forms
for providing consent to cookies (where necessary) and the relevant policies.

How can the User manage and/or disable cookies?
When the User visits the Website for the first time, he/she will be informed about the type of cookies used by the
Website by means of an information banner that will immediately appear at the top of the Website page.
In the same banner, the User can manage his or her preferences regarding the installation of cookies through specific commands.
Following the display of the banner, by continuing to browse the Website, the User accepts the use of the cookies selected by the Website by default.

However, the User can change cookie settings at any time here:

Cookie settings

To whom is the data collected using cookies disclosed?
The data collected using cookies may be processed by our employees and collaborators in their capacity as persons authorised to do so under the Privacy Regulations.
Such data may also be processed by companies we trust to carry out technical and organisational tasks on behalf of the Company. These companies are our direct collaborators and operate by virtue of a specific appointment as data processors.
The list of all the appointed Data Processors involved in the processing operations through the Website is constantly updated and is available on request by sending a communication to the e-mail address infoprivacy@geicotaikisha.com.
Personal data collected using cookies will not be passed on to third parties and will be processed exclusively within the European Union.
Should the need arise to transfer the data outside the European Union, the Company will take care to carry out such transfers only in the presence of adequate guarantees pursuant to Art. 46 et seq. of the GDPR.
Data collected using cookies from Vimeo, [Google, Linkedin, Facebook, Youtube] may be transferred by these third parties outside the European Union, in particular to the United States of America, in accordance with the Privacy Regulations.
In any case, for further information please visit the relevant cookie policies of Vimeo, [Google, Linkedin, Facebook, Youtube] available in the section “What cookies does the Website use and for what purposes?”, par. iii) of this policy.
Data collected using cookies will not be disclosed.

What rights can Users exercise?
The User will always have, in accordance with the law, the right to revoke at any time his/her consent, where given, as well as to exercise, at any time, the following rights (collectively, the “Rights“):

• the “right of access” and specifically to obtain confirmation of the existence or otherwise of personal data concerning him or her and their communication in intelligible form;
• the “right to rectification“, i.e. the right to request the rectification or, if interested, the integration of personal data;
• the “right to erasure“, i.e. the right to request the erasure, transformation into anonymous form of data processed in violation of the law, including data whose storage is not necessary in relation to the purposes for which the personal data were collected or subsequently processed;
• the “right to restriction of processing“, i.e. the right to obtain from the Data Controller the restriction of data processing in certain cases provided for under the Privacy Regulations;
• the right to request from the Data Controller the list of the recipients to whom any rectification or erasure or restriction of processing was notified (in accordance with Articles 16, 17 and 18 GDPR, in fulfilment of the notification obligation except where this proves impossible or involves a disproportionate effort);
• the “right to data portability“, i.e. the right to receive (or to transmit directly to another data controller) personal data in a structured, commonly used and machine-readable format;
• the “right to object” i.e. the right to object, in whole or in part:

• to the processing of personal data carried out by the Data Controller for its own legitimate interest;
• to the processing of personal data carried out by the Data Controller for marketing or profiling purposes.

In the above cases, where necessary, the Data Controller will inform the third parties to whom the User’s personal data are communicated of the possible exercise of rights, except in specific cases where this is not possible or is too costly and, in any case, in accordance with the provisions of the Privacy Regulations.
Where processing is based on consent, the Data Subject will also be entitled to revoke, at any time, any consent given, it being understood that revocation of consent will not affect the lawfulness of processing based on consent prior to revocation.

How to exercise your rights?
The User may at any time exercise his/her Rights in the following ways:

• by email sent to: infoprivacy@geicotaikisha.com;
• by ordinary mail, to the address of the registered office of Geico S.p.A.: Cinisello Balsamo (MI), Via Pelizza da Volpedo 109/111, 20092, Italy.

The Data Controller informs the User that, pursuant to the Privacy Regulations, he or she has the right to lodge a complaint with the competent supervisory Authority (in particular in the Member State of his or her usual residence, place of work or place of the alleged breach), if he or she deems that his or her Personal Data are being processed in a manner that would result in a breach of the GDPR.

In order to facilitate the exercise of the right to lodge a complaint, the name and contact details of the European Union Supervisory Authorities are available at the following link https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Finally, if the User intends to lodge a complaint with the Supervisory Authority competent for the Italian territory (i.e. Italian Data Protection Authority), the complaint form is available at the following link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.