syncbyaperol.it Privacy & Cookie Policy

1. Introduction

When you browse our website or use our services, we collect information and personal data about you. For this reason, in compliance with Legislative Decree no. 196/2003 and EU Regulation no. 679/2016 (together, "Privacy Legislation"), we have created this document (hereinafter the "Privacy Policy") to describe what personal data we collect, the purposes and methods of processing, and the security measures we adopt to protect them. This Privacy Policy constitutes the information notice for data subjects issued pursuant to applicable personal data protection legislation and has been drafted in accordance with Recommendation no. 2/2001, adopted on 17 May 2001 by the Working Party on the Protection of Individuals with regard to the Processing of Personal Data – Art. 29, regarding the minimum requirements for online data collection in the European Union. Furthermore, we inform you that this Privacy Policy applies only to the website www.syncbyaperol.it (hereinafter, the "Site") and our services (hereinafter, the "Services") and does not apply to third-party websites that may be referenced via links or banners within the Site.

2. Source of data and purposes of data processing

Browsing data

The computer systems used to operate the Services acquire, in the course of their normal operation, some of your personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected for the purpose of identifying you, but could lead to your identification if, for example, it were combined with data held by third parties. This category of data includes the IP address and domain name of your computer, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to your operating system. We use this data solely to obtain anonymous statistical information on the use of the Services and to monitor their correct functioning. We delete the data collected in this way immediately after processing. The data may be used to ascertain liability in the event of computer crimes committed against the Services.

Registration information and further information

Browsing our Site does not require the creation of a personal account.

Should you collect, process and communicate to us information relating to third parties, you must do so in compliance with the provisions of the Privacy Legislation and, therefore, you must provide them with prior notice of the processing and, if necessary, collect their free and express consent before carrying out the processing.

3. Purposes of processing

Providing us with the browsing data indicated above is necessary to be able to use the Site. Any refusal to provide it would prevent you from browsing our Site and from using our Services.

Failure to give consent by clicking the "Reject" button located within the appropriate banner, or failure to make a choice by the User, results in the default settings being maintained and allows browsing to continue without cookies.

Providing additional information is instead optional. Your refusal to provide it would still allow you to use our Services but would prevent you from discovering and exploring all their potential.

3.1 Further purposes of processing

With your express consent, we will also use the information you provide for additional purposes different from those listed above. These include processing for marketing purposes through the creation of a personal account for access to pages reserved for registered users.

Providing information for the above additional purposes is optional. Any refusal on your part to provide it would still allow you to use our Services but would prevent us from pursuing the purposes listed above. In any case, you will always be able to revoke your consent to the collection and processing of your personal data, and to object to receiving promotional communications.

3.1.1 "Book Your Experience" Service

a) Booking service

With reference to the "Book Your Experience" Service, Autogrill collects the personal data you provide in order to allow you to access the services offered by the website, with particular reference to the "Book Your Experience" service.

In particular, to use the service it is necessary for the User to provide their first and last name, phone number, and email address where they may be contacted; as well as their date of birth.

For the purposes indicated above, providing the data is necessary and any refusal may prevent you from using the Service.

b) Commercial purposes

b.1) With the User's consent, which is optional, Autogrill may use personal data for marketing purposes such as sending commercial communications (e.g. newsletters) relating to products and services of Autogrill and Autogrill's commercial partners, market research, satisfaction surveys, invitations to events organised by or participated in by Autogrill, through the contact methods indicated by you (e.g. email, phone, SMS, push notification). The User may at any time object to receiving the communications described above with respect to some or all communication channels by contacting Autogrill at the details indicated in the following paragraphs.

b.2) With the User's consent, which is optional, Autogrill may collect, including through questionnaires aimed at understanding their purchasing habits and use of Autogrill services, data on their preferences, habits, and lifestyles for the creation of group and individual profiles (profiling) in order to create personalised offers to communicate to the Data Subject. Your personal data may be used in aggregate form for internal statistical analysis.

c) Use of images

On the occasion of the Event in which the user wishes to participate, photo and video footage of Event participants may be taken. With the User's consent, which is optional, Autogrill may take photographic and video footage of individual Event participants who have given their consent for the purpose of:

publishing photos and videos on the company intranet and/or on the Company's social media pages and websites;
promoting the image of Autogrill and/or the Event through the use of Personal Data, photographic content and/or video footage published on the company intranet and/or on the Company's social media pages and websites.

The legal bases for processing related to the "Book Your Experience" Service are as follows:

the User's consent
compliance with legal obligations
legitimate interest of Autogrill
performance of a contract

The data provided to use the "Book Your Experience" Service will be retained by Autogrill for the time strictly necessary to pursue the purposes for which your personal data are collected, i.e. for the time necessary to collect and manage your booking, as well as to comply with applicable legal obligations.

4. Information collected through cookies and other technologies

Cookies are small files sent by websites visited by users and stored on the device used to access those sites. When users visit the same site again, the browser reads the cookies stored on the device and retransmits the information to the site that originally created the cookies. Our Site also uses various types of cookies and other technologies for reading and storing information on the user's device for the purpose of, for example, conducting statistical analysis, personalising and facilitating users' browsing experience and, with the user's prior consent, offering you advertising based on your interests. We do not use cookies that have the ability to run programmes on your devices, send viruses to them, or allow control over your devices to be established.

In accordance with the "Cookie and other tracking tools guidelines" issued by the Italian Data Protection Authority on 10 June 2021, when the user first accesses the website, no cookies or other tools other than technical ones are placed on your device, nor is any other active or passive tracking technique used.

When the User accesses the homepage of the site for the first time, they immediately see a banner in which they can give their consent or refusal to the processing of personal data through cookies or express their preferences.

In accordance with the Italian Data Protection Authority's provision of 8 May 2014, we inform you that this notice also represents an extension of the short banner already displayed upon connection to the Site. In particular, our Services adopt:

technical cookies, which are necessary for the operation of the Site, including the provision of the Services it offers. This category of cookies includes analytics, session and functionality cookies, used by the data controller to, for example, collect information, in aggregate form, on the number of users and how they visit the site, to save your browsing preferences such as language, or to recognise returning users. The aforementioned cookies may be:
temporary, when they are automatically deleted at the end of the connection;
permanent, when they remain stored on the user's hard disk, unless the user deletes them. The cookies used are exclusively first-party, as they are set and managed directly by the site operator. No third-party cookies are used on the Site.

The Site does not use profiling cookies.

It is possible to manage and disable cookies directly from the browser settings:

or through the portal www.youronlinechoices.com/it

On this website we use Google Analytics Cookies to analyse the use of this website. For more information on individual analytics cookies, please refer to Google's privacy policy available at http://www.google.com/privacypolicy.html.

The site also uses Instagram Cookies for the purpose of collecting aggregate information on the number of users and how they visit the site. For more information on individual cookies, please refer to Instagram's privacy policy, available at: href="https://instagram.com/legal/cookies/" target="_blank" rel="noopener noreferer" aria-label="Opens the site in an external tab">https://instagram.com/legal/cookies/

The following table provides details of the Cookies used by this site:

Name	Provider	Purpose	Expiry
NECESSARY TECHNICAL COOKIES
_x_open_	syncbyaperol.it	Stores the outcome of the age verification to avoid repeating the check during subsequent visits	Persistent (until manual deletion or cache clearing)
XSRF-TOKEN	syncbyaperol.it	Cookie generated by the site to include the CSRF token	1 hour
sync_by_aperol_listening_bar_bistrot_session	syncbyaperol.it	Cookie generated by the site to identify the browsing session	1 hour
magazine_visitor_id	syncbyaperol.it	Management of the magazine article viewing session	1 month
_iub_previous_preference_id	iubenda s.r.l. (via consent management script)	Keeps track of the ID of the previous cookie consent preference expressed by the user, so as to recognise when preferences have been changed or already recorded. It is used by the consent management solution to compare current and previous preferences and correctly manage the banner and cookie behaviour.	1 year
_iub_cs-*	iubenda s.r.l. (via Privacy Controls and Cookie Solution script)	Records the consent preferences expressed by the user in the cookie banner; used to remember which categories of cookies the user has accepted or rejected in order to avoid showing the banner every time and to respect the user's choices.	1 year
__stripe_mid	Stripe (checkout.stripe.com)	Fraud prevention and payment support via Stripe	1 year
__stripe_sid	Stripe (checkout.stripe.com)	Payment session management and fraud prevention	30 minutes
STATISTICAL COOKIES
_ga	Google LLC (via Google Analytics)	Allows Google Analytics to distinguish unique users and collect anonymous statistical data on site usage (visits, pages viewed, etc.).	Approximately 2 years (renewed with each interaction)
_ga_*	Google LLC (via Google Analytics)	Stores and updates the session state for Google Analytics 4	2 years
MARKETING COOKIES
_fbp	Meta Platforms, Inc. (facebook.com)	Identifies the browser to measure and optimise advertising campaigns and retargeting activities	90 days

NECESSARY TECHNICAL COOKIES

Name: _x_open_ Provider: syncbyaperol.it Purpose: Stores the outcome of the age verification to avoid repeating the check during subsequent visits Expiry: Persistent (until manual deletion or cache clearing)

Name: XSRF-TOKEN Provider: syncbyaperol.it Purpose: Cookie generated by the site to include the CSRF token Expiry: 1 hour

Name: sync_by_aperol_listening_bar_bistrot_session Provider: syncbyaperol.it Purpose: Cookie generated by the site to identify the browsing session Expiry: 1 hour

Name: magazine_visitor_id Provider: syncbyaperol.it Purpose: Management of the magazine article viewing session Expiry: 1 month

Name: _iub_previous_preference_id Provider: iubenda s.r.l. (via consent management script) Purpose: Keeps track of the ID of the previous cookie consent preference expressed by the user, so as to recognise when preferences have been changed or already recorded. It is used by the consent management solution to compare current and previous preferences and correctly manage the banner and cookie behaviour. Expiry: 1 year

Name: _iub_cs-* Provider: iubenda s.r.l. (via Privacy Controls and Cookie Solution script) Purpose: Records the consent preferences expressed by the user in the cookie banner; used to remember which categories of cookies the user has accepted or rejected in order to avoid showing the banner every time and to respect the user's choices. Expiry: 1 year

Name: __stripe_mid Provider: Stripe (checkout.stripe.com) Purpose: Fraud prevention and payment support via Stripe Expiry: 1 year

Name: __stripe_sid Provider: Stripe (checkout.stripe.com) Purpose: Payment session management and fraud prevention Expiry: 30 minutes

STATISTICAL COOKIES

Name: _ga Provider: Google LLC (via Google Analytics) Purpose: Allows Google Analytics to distinguish unique users and collect anonymous statistical data on site usage (visits, pages viewed, etc.). Expiry: Approximately 2 years (renewed with each interaction)

Name: _ga_* Provider: Google LLC (via Google Analytics) Purpose: Stores and updates the session state for Google Analytics 4 Expiry: 2 years

MARKETING COOKIES

Name: _fbq Provider: Meta Platforms, Inc. (facebook.com) Purpose: Identifies the browser to measure and optimise advertising campaigns and retargeting activities Expiry: 90 days

The Services may contain applications and materials ("APIs") that use data drawn from your accounts opened on social networks such as Facebook, LinkedIn, etc. For example, an API may be created that allows you to post comments directly on the social network to which you are subscribed. When you use an API of this type, your personal data is transmitted to the social network's website. Such data is governed by that social network's privacy policy. An API may also be created that allows information and content relating to you, your friends, your user ID and other types of content from the social network used to be obtained. Such information and content will not be acquired unless you have expressed your consent on the social network's website. Where such consent is given, the aforementioned information will be used in accordance with this Privacy Policy and the API rules of that social network.

5. Methods of data processing and data retention

We process your personal data with the aid of electronic tools and always in compliance with the security requirements demanded by applicable legislation. Our security measures include contractual instruments with any contractor (e.g. service providers) or agent in order to ensure the protection of the security and confidentiality of your personal data in accordance with the provisions of applicable personal data protection legislation.

We retain your personal data for as long as your account remains active. Even after its closure, we will retain the data to the extent necessary to comply with obligations imposed by laws or regulations, to protect our rights, to prevent fraud or to enforce this Privacy Policy. With particular reference to the judicial protection of our rights, we specify that we adopt a personal data retention period of 24 months from the date of account closure.

6. Scope of communication

Internal and external communication of personal data

Your personal data will be processed only by previously appointed data processors or controllers. In particular, your data may be communicated to external parties such as professional and/or technical service providers, and/or legitimate recipients pursuant to law and, subject to your consent as specified above, to third-party companies carrying out marketing activities. Data recipients act as data controllers, processors or appointees in accordance with applicable legislation. Should we be involved in a reorganisation, acquisition or sale of our company or parts thereof, we will communicate your data to the third parties involved in the procedure.

Any third party that receives your data in the context of this procedure may use them within the limits established by this Privacy Policy. To receive the updated list of processors, as well as the list of recipients of your personal data, please contact us by sending an email to: DPO@autogrill.net.

7. Transfer of data abroad

Your personal data may be transferred by us outside Italy to third-party recipients established within the European Union. Such transfer is unrestricted as each EU member state guarantees an adequate level of data protection. However, we may also transfer your data to third countries outside the European Union that do not guarantee the same level of data protection. Nevertheless, we inform you that such transfer to third countries will always take place in accordance with the provisions of the Privacy Legislation, i.e. through the collection of your consent, where necessary, or through the adoption of any other measures necessary to ensure the security of the data being transferred (e.g. the use of Standard Contractual Clauses based on the model drawn up by the European Commission).

8. Your rights

At any time you may exercise the rights recognised under the Privacy Legislation, as follows:

Right of access to your personal data: you have the right to obtain from the data controller confirmation as to whether or not personal data concerning you is being processed and, if so, access to it. Access entails knowledge of certain information, including the purposes of the processing, the categories of personal data processed and the recipients to whom the data is communicated. However, there is no absolute right of access and the interests of other individuals may limit your right of access. You also have the right to obtain a copy of the personal data being processed. A fee may be charged for additional copies.
Rectification of your personal data: you have the right to obtain the rectification of inaccurate personal data concerning you, as well as to obtain the integration of incomplete personal data, including by providing a supplementary statement.
Erasure of your personal data: the right to obtain from the data controller the erasure of personal data concerning you without undue delay, and the data controller has the obligation to erase personal data without undue delay where certain circumstances exist, including where the data is no longer necessary in relation to the purposes for which it was collected or where consent has been withdrawn.
Restriction of processing of your personal data: in limited circumstances – including where the accuracy of the data is contested – you have the right to request the restriction of the processing of personal data concerning you.
Data portability: you have the right to receive in a structured, commonly used and machine-readable format the personal data concerning you provided to a data controller, and you have the right to transmit that data to another data controller without hindrance from the data controller to whom it was provided, where the processing is based on consent and is carried out by automated means.
Right to object: you have the right to object to the processing of personal data concerning you at any time, on grounds relating to your particular situation. The right to lodge a complaint with the competent supervisory authority (the Italian Data Protection Authority) remains unaffected.

To exercise these rights, please contact us using the details provided below.

9. Data Controller and Data Processor.

The Site and Services are managed by Autogrill Italia S.p.A., with registered office in Rozzano (MI), strada 5, 20089, email: DPO@autogrill.net, acting as data controller.