EU Regulation 2016/679 (General Regulations on Data Protection, "Regulation") and the Italian legislation in force, including Legislative Decree no. 196 of 30 June 2003 as amended (Personal Data Protection Code), (together "Applicable Regulations") establish the right of anyone to the protection of personal data concerning him/her. The applicable regulations, therefore, require that personal data is processed in compliance with fundamental rights and freedoms and the dignity of the user, with specific reference to the right to the confidentiality and protection of personal data.
 
Pursuant to the provision of the Supervisory Authority for the protection of personal data, "Identification of simplified methods for the privacy policy and acquisition of consent for the use of cookies", dated 8th May 2014 and published in the Official Gazette on 3rd June 2014, Società per azioni Esercizi Aeroportuali S.E.A. (“Company”), as data controller, provides the following information relating to cookies installed on the websites www.milanolinate-airport.com, www.milanomalpensa-airport.com, wifi.seamilano.eu (together defined “Site”).
 
The provision of such personal data for these purposes is mandatory and a refusal to provide the data may make it impossible for the Company to carry out the purpose for which the personal data is collected.

1. INFORMATION ON COOKIES USED
 
Cookies are small text strings that websites visited by the user send to their terminal (usually the browser), where they are stored to be retransmitted to the same websites during the user's next visit. While browsing a website, the user may also receive cookies on their terminal that are sent by different websites or web servers (so-called "Third Parties"), on which certain elements (such as images, maps, sounds, specific links to pages of other domains) present on the site the user is visiting may reside.
There are two categories of cookies: technical and analytical cookies that do not require consent, and cookies that require consent (analytics and advertising cookies, and cookies that enhance the user experience).

2. TECHNICAL AND ANALYTICAL COOKIES THAT DO NOT REQUIRE CONSENT
 
Technical cookies are those used merely to “transmit a communication on an electronic communication network or, to the extent strictly necessary, to the company supplying information services, specifically asked by the contractor or user to supply said service”. Such cookies do not require consent. They are not used for any other purpose and are installed by the Company. The use of such cookies is intended to improve the functionality of the Site. They can be divided into browsing or session cookies, which guarantee normal browsing and use of the website (allowing, for example, a purchase to be made or users to identify themselves in order to access reserved areas); analytics cookies, similar to technical cookies when used directly by the website manager to collect information in aggregated form on the number of users and on how they visit the website; functionality cookies that enable users to browse according to a series of selected criteria (e.g. language, products chosen for purchase) in order to improve the service offered.
For the installation of technical cookies - and those similar to these as described above - prior consent of users is not required. On the other hand,   remains unaffected the obligation to provide the Cookie Policy pursuant to the Privacy Policy and that the Company, if it uses only such devices, may provide in the manner it deems most appropriate.

The following technical cookies are used:

• JSESSIONID: third party session cookies, created by the server to maintain the session. It expires at the end of the session;
•  _GRECAPTCHA: cookie set by Google reCAPTCHA; it lasts 6 months;
• BIGIPSESSION : session cookie.

MAPP analytical cookies (more information can be found at this link):

• wtstp_eid: lasts for six months. Alphanumeric cookie used to identify the user’s unique browser.
• wtstp_sid: lasts for the current session. Cookie used for tracking visit metrics.
• wt_mcp_sid: lasts for 30 minutes. Cookie used for tracking visit metrics.
• wtstp_geid: provides information on the user’s device. Lasts for the current session.
• wtstp_nv: provides information on new or returning visitors. It lasts for a maximum of six months.
• wtstp_nv_s: provides information on new or returning visitors. It lasts until the user closes the browser.
• wtstp_rla: cookie used to detect the workload. It keeps track of the number of requests that can be sent to the analysis tool. It lasts until the user closes the browser.
• wt_nbg_Q3: cookie set by the Load Balancer to send all requests from a user to the same server. Lasts for the current session.
• wtstp_ref: cookie used to determine the referrer source of the traffic. It is deleted as soon as it is used.

Cookies by Equativ:

• Pid: third-party cookie, provided by equativ.com, intended to enable the display of advertisements on a specific browser and domain. It remains active for 13 months;
• Pbw: third-party technical cookie, provided by equativ.com, which collects cached data by browser ID, operating system ID and screen size. It remains active for 2 days;
• TestIfCookie: third-party cookie, provided by equativ.com, used to remember user preference regarding acceptance of session cookies. Only active during the site session;
• TestIfCookieP: stores the user’s preference regarding the acceptance of persistent cookies, which remain on the device after the session. It remains active for 13 months;
• Sasd: used to determine which country the user is from, allowing the site to display content in the correct language. Remains active for 1 day;
• Vs: technical cookie used to count new visits; it contains a timestamp of the last time the user visited the site; when the user returns, a new visit is counted if this value is older than 30 minutes. It remains active for 30 minutes;
• dyncdn: this technical cookie is used to enable a performance monitoring pixel of the referring web portal for a specific endpoint and its traffic. It is necessary for Equativ to balance traffic loads in case of large traffic volumes. It remains active for 1 day;
• x-smrt-d: technical cookie used for debugging purposes by the Equativ service; only active during your session on the website.
• Sasd2: third-party technical cookie provided by equativ.com, used to set a date that indicates the visitor’s entry into the website and is used for analytical purposes on the website. It lasts for 1 day.

Other Cookies

• _iub_cs-34040271: This cookie enables the saving of cookie consents (issued by Iubenda Cookie Solutions). It lasts or one year
• usprivacy: This cookie is used by the IAB CCPA Compliance Framework to store the user’s decision to give up the collection of their data. It is valid for 1 year

3. COOKIES FOR WHICH CONSENT IS REQUIRED
These cookies are used for marketing and profiling purposes and require your explicit consent before they can be used.

3.1 Third-party cookies aimed at improving the user experience
The company uses interconnection tools with external sites and functionalities to provide a better user experience (e.g. Google Maps). Often associated with a graphic element of the site such as an action button or a specific logo (e.g. the Google button), these cookies are used to integrate the functionality of other sites into the one you are browsing. The respective operators are responsible for these cookies and you can object to their use directly on the information pages of the respective operator.
 
Other cookies of experience enhancement

• NID: This  cookie  is used to store your preferences and other information (such as your preferred language, the number of results you prefer displayed on a search results page, and your preference for enabling Google’s SafeSearch filter). It has a validity period of 6 month
• UULE - Customization cookies, send precise location information from your browser to Google servers so that Google can show you results relevant to your location. The use of this cookie depends on your browser settings and whether you have chosen to activate the location for your browser. It has a validity period of 6 hours.
• CONSENT - Google uses the "CONSENT" cookie to store your cookie choices. It has a validity period of 2 years.
• SOCS - Google uses the "SOCS" cookie to store your cookie choices. It is valid for 13 months.
• AEC - cookie that ensures that requests within a browsing session are made by the user and not by other sites. These cookies prevent malicious sites from acting on a user’s behalf without their knowledge. It has a validity period of 6 months.

 
3.2 Third-party cookies aimed at analytics and advertising

a) Google Analytics: We use Google Analytics to gather information about how users interact with our website. This information is used to improve our website and services. Google Analytics uses cookies to collect this data.

• _ga Used to send data to Google Analytics regarding the device and user behavior. It tracks the user across devices and marketing channels. It has a validity period of 2 years.
• _ga_# Used to send data to Google Analytics regarding the device and user behavior. It tracks the user across devices and marketing channels. It has a validity period of 2 years.

For more information about Google Analytics and its cookies, please refer to Google’s Privacy Policy: https://policies.google.com/privacy
 
b) Mapp cookies (more information listed above can be found at the following link: https://mapp-wiki.atlassian.net/wiki/spaces/DMPCustomers/pages/426132/Privacy+Compliance#Privacy&Compliance-CookiesandDomains)

• id - This cookie represents the cookie ID set and used by the data management platform (DMP) for user recognition and synchronisation with partner systems. Synchronising the user ID allows the DMP to use the data outside the platform. It lasts for two years.
• ans3, dbm1, check, r - This cookie is used by the DMP. It contains data indicating whether a cookie ID is synchronised with the DMP. Synchronising the user ID allows the DMP to use the data outside the platform. It lasts for two days.
• flx1_pages_viewed_within_visit - This cookie collects the pages viewed during a user’s visit. Only put in place when custom events are configured within the DMP. It lasts for one session.
• flx1_time_on_site - This cookie collects the time the user has been on the site. Only put in place when custom events are configured within the DMP. It lasts for one session.
• flx1_conversion_count_{ID} - This cookie keeps track of the number of custom events per user. It is only put in place when custom events are configured within the DMP and a value is set for ‘deduplication’. Its duration is customised to the user.
• flx1_conversion_count_{ID}_expires - This cookie keeps track of when the cookie expires. It is only put in place when custom events are configured within the DMP and a value is set for ‘expiry’. Its duration is customised to the user.
• flx1_session_id_{ID} - This cookie stores a unique value that can be used to identify multiple DMP events for a single session. It lasts for the session (15 minutes).

4- ACCEPTING AND DECLINING COOKIES
By clicking on the "I accept" button, the User consents to the installation on their device of cookies for the Site on which they are browsing.
In case of non-acceptance of cookies by abandoning navigation, there is not  a "I do not accept" button, but the cookies on the Site will not be installed on the device. Any cookies already recorded locally in the browser will remain recorded but will no longer be read or used by the Company until a later and possible acceptance of the use of cookies.
We will always be able to remove these cookies at any time through the methods described in the following paragraphs

4.1 Purposes of Personal Data processing
We use cookies on our above websites for the following purposes:
a) Execution of IT authentication
b) Session monitoring
c) Definition of user profile according to preferences expressed during browsing.

4.2 Nature of Personal Data conferral and consequences of a potential refusal to respond
With reference to points a) and b) pursuant to paragraph 1 above, the installation of these cookies is not subject to prior user consent, as they are strictly necessary to transmit the communication on an electronic communication network. Without these cookies, some areas of the Websites may not be accessible or may not function properly. With reference to point c) pursuant to paragraph 1. above, user consent is necessary in connection with the installation of these cookies and a potential refusal does not in any way preclude website browsing.

4.3 Scope of disclosure and dissemination of Personal Data
For the above purposes, Personal Data may be communicated by the Company:
- to all parties whose right of access to such Personal Data is recognized by virtue of regulatory provisions and/or Authorities;
- to our collaborators, employees, consultants and suppliers, within the scope of their respective duties.
The updated list of third party companies, appointed as external data processors pursuant to article 28 of the Regulations, is available at the Company's registered office.
In any case, except as provided for above, Personal Data will not be disclosed, specifically they will not be disclosed to the public or, in any case, to an indeterminate number of parties.
Personal Data collected by SEA is not processed outside the European Economic Area.

4.4 Identification details of the Data Controller and Data Protection Officer
The Data Controller in accordance with the Code is Società per Azioni Esercizi Aeroportuali S.E.A., with registered office in Segrate (Milan) at Milan Linate Airport.
It is possible to contact the Data Protection Officer, also for the exercise of the rights of data subjects pursuant to articles 15-22 of the Regulation, by sending an email to: privacy@seamilano.eu.

4.5 Rights pursuant to Arts. 15-22 of the Regulation 
With regard to the processing of the Personal Data collected, you are entitled, pursuant to Articles 15 to 22 of the Regulation and where applicable, to obtain from the Company the rectification, integration or erasure (the "right to be forgotten") of your Personal Data; the right to obtain the limitation of the processing and the right to the portability of your Personal Data; the right to object to the processing of your Personal Data, including profiling; and finally, the right to lodge a complaint with the Guarantor Authority. You may exercise these rights by sending your request to the Data Protection Officer at the following address privacy@seamilano.eu or by ordinary mail addressed to the Data Protection Officer - 20054 Segrate (Milan), at Milan Linate Airport. For a more extensive and complete version of the disclosure, you can refer to the website's Privacy Notice.

5. HOW CAN I DISABEL COOKIES
When a user accesses any of the pages of the Sites, there is a banner that contains a short information. By clicking on "I accept", you consent to the use of cookies. Any refusal to use profiling cookies does not in any way preclude navigation on the Sites; below are the ways on how to disable cookies

5.1 Third party cookies
Advertising companies allow you to opt out of receiving targeted ads, if desired. This does not prevent the setting of cookies but stops the use and collection of certain Personal Data by such companies.
For more information about the cookies installed on your browser (including the ability to access the information of the Third Parties related to cookies installed by these through the Sites) and opt out, please visit www.youronlinechoices.eu/it/

5.2 Equativ
For more information https://equativ.com/cookie-policy/

5.3 Major browsers
Most browsers (Internet Explorer, Firefox, Chrome, etc.) are configured to accept cookies. The cookies saved to the hard disk of your device can in any case be deleted and cookies can also be disabled by following the instructions given by the main browsers; links to the instructions offered by the major browsers are listed below:

• Chrome
• Firefox
• Edge
• Opera
• Safari

Through the "Manage your privacy preferences" link, you can modify your cookie choices. To refuse consent for the processing activities described, you need to deactivate the individual controls or use the "Reject all" button and confirm that you want to save your choices.

  Manage your privacy preferences
Notice at Collection