Cookie Policy
Last updated: 26/01/2026 (v1.0)
1. Introduction and Definitions
What Are Cookies
Cookies are small text files that visited websites send and store on the user's device (computer, tablet, smartphone, etc.), where they are saved to be retransmitted to the same websites on the user's subsequent visit.
Cookies can be installed by the website being visited (first-party cookies) or by other websites that manage elements on the visited page (third-party cookies).
Similar Technologies
In addition to cookies, the site may use other similar technologies such as:
- Web beacons (pixel tags): small images embedded in web pages or emails
- Local storage (HTML5): local storage mechanisms of modern browsers
- Session storage: temporary storage during the browsing session
All these technologies are treated similarly to cookies for the purposes of this policy and applicable regulations.
Regulatory References
This Cookie Policy is drafted in compliance with:
- Regulation (EU) 2016/679 (GDPR)
- Directive 2002/58/EC (ePrivacy Directive) as amended by Directive 2009/136/EC
- Italian Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018
- Cookie Guidelines and other tracking tools of the Italian Data Protection Authority (Measure of June 10, 2021, No. 231)
2. Data Controller
The Data Controller for data collected through cookies is:
ITLand S.r.l.
Registered Office: Via Pietro Castellino, 179 - 80131 Napoli (NA)
VAT Number: IT09130391213
Email: support@itland.it
Certified Email (PEC): info@pec.itland.it
For information on personal data processing, please consult the complete Privacy Policy.
3. Categories of Cookies Used
The EasyRefert website uses different types of cookies, classifiable by function and purpose.
3.1 Technical Cookies (Strictly Necessary)
Technical cookies are essential for the proper functioning of the site and to allow the user to navigate and use the features offered. These cookies do not require prior user consent as they are indispensable for the provision of the requested service.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
XSRF-TOKEN |
Protection against Cross-Site Request Forgery (CSRF) attacks. Ensures that requests actually come from the authenticated user. | 2 hours (session) | First-party (Laravel) |
easyrefert_session |
User session management and maintenance of authentication status during navigation. | 2 hours (session) | First-party (Laravel) |
gdpr_consent |
Storage of user preferences regarding cookie usage. Allows not re-displaying the banner on every visit. | 365 days | First-party |
remember_web_* |
Persistent authentication cookie ("Remember me"). Allows the user to maintain access without re-entering credentials. | 400 days (optional) | First-party (Laravel) |
3.2 Analytics Cookies (Google Analytics 4)
These cookies require prior user consent and are only installed after obtaining explicit approval through the cookie banner.
EasyRefert uses Google Analytics 4, a web analytics service provided by Google LLC, to collect aggregated statistical information about site usage. The collected data is used exclusively to:
- Understand how users interact with site pages
- Analyze web traffic and feature usage patterns
- Improve user experience and optimize site performance
- Detect any technical problems or navigation errors
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
_ga |
Used to distinguish unique users by assigning a randomly generated number as a client identifier. | 2 years | Third-party (Google) |
_ga_* |
Used by Google Analytics 4 to maintain session state and collect data on user interactions. | 2 years | Third-party (Google) |
_gid |
Used to distinguish users in the 24 hours following the first visit. | 24 hours | Third-party (Google) |
_gat |
Used to throttle the request rate to the Google Analytics service. | 1 minute | Third-party (Google) |
Third-party provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
For more information on how Google collects and uses data:
- Google Privacy Policy: https://policies.google.com/privacy
- How Google uses cookies: https://policies.google.com/technologies/cookies
- Information about Google Analytics: https://support.google.com/analytics/answer/6004245
- Google Analytics opt-out tool: https://tools.google.com/dlpage/gaoptout
3.3 Profiling and Marketing Cookies
Currently, the EasyRefert website does not use profiling cookies or cookies for direct marketing and behavioral advertising purposes.
Should such types of cookies be used in the future, the user will be informed in advance and specific separate consent will be required.
4. Legal Basis and Consent
Technical Cookies - No Consent Required
Technical cookies (strictly necessary) are installed based on the legitimate interest of the Controller (Art. 6(1)(f) GDPR) and the exemption provided by Art. 122 of the Privacy Code, as they are indispensable for the provision of the service requested by the user.
Prior consent is not required for these cookies.
Analytics Cookies - Consent Required
Analytics cookies (Google Analytics 4) are installed exclusively with prior free, specific, informed and unambiguous consent from the user, in compliance with Art. 122 of the Privacy Code and the Cookie Guidelines of the Italian Data Protection Authority.
Consent is requested through the cookie banner displayed on first access to the site. The user has the option to:
- Accept all cookies (technical and analytics)
- Reject non-necessary cookies (technical only)
- Customize preferences by individually selecting categories
Prior Blocking (Cookie Wall)
In compliance with the Italian Data Protection Authority Guidelines, EasyRefert implements a prior blocking system for analytics and profiling cookies:
- Non-technical cookies are not installed before the user expresses their consent
- Access to the site is not blocked in case of refusal of non-necessary cookies (no "cookie wall")
- Consent can be withdrawn at any time with the same ease with which it was given
5. How to Manage and Modify Cookie Preferences
5.1 Managing Preferences from the Site
You can modify your cookie preferences at any time using the button at the bottom of this page:
By clicking the button, the cookie preferences banner will open again where you can:
- Accept or reject specific cookie categories
- View details of cookies used
- Revoke previously given consent
5.2 Managing Cookies via Browser
All modern browsers allow you to manage cookies through their settings. You can block cookies, selectively delete them, or delete them all at the end of the browsing session.
Instructions for major browsers:
5.3 Private/Incognito Browsing Mode
Most browsers offer a private browsing mode (Incognito in Chrome, Private Browsing in Firefox, Private Browsing in Safari) that does not store persistent cookies at the end of the session. Session cookies are still used during browsing but are deleted when the browser window is closed.
5.4 Google Analytics Opt-out Tool
Google offers a browser add-on that allows you to disable Google Analytics on all websites:
- Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout
6. Cookie Duration and Expiration
Cookies used by the site have different durations based on type and purpose:
| Type | Duration | Notes |
|---|---|---|
| Session cookies | Until browser closure | Automatically deleted at the end of the browsing session |
| CSRF and security cookies | 2 hours | Automatically renewed with each request to ensure security |
| Persistent authentication cookie | 400 days | Only if the user selects the "Remember me" option at login |
| GDPR consent cookie | 365 days (12 months) | Stores user cookie preferences |
| Google analytics cookies | From 1 minute to 2 years | Variable based on the specific function of the cookie |
At the end of the validity period, cookies are automatically deleted from the user's device. You can manually delete cookies at any time through your browser settings.
7. Data Transfers to Third Countries
First-Party Cookies (EasyRefert)
Technical cookies installed directly by EasyRefert do not involve any transfer of personal data to non-EU countries. All data is stored on servers located in the European Union.
Third-Party Cookies (Google Analytics)
Data collected through Google Analytics may be transferred and processed by Google LLC in the United States of America and other countries where Google operates.
Adequate safeguards for the transfer:
- Google LLC has adhered to the EU-US Data Privacy Framework, recognized by the European Commission as a mechanism ensuring an adequate level of data protection (Adequacy Decision of July 10, 2023)
- Google applies Standard Contractual Clauses (SCC) approved by the European Commission pursuant to Art. 46 GDPR
- Google adopts supplementary security measures to protect transferred data, including encryption and pseudonymization
For more information on safeguards adopted by Google:
- Google Data Processing Terms: https://business.safety.google/adsprocessorterms/
- EU-US Data Privacy Framework certification: https://www.dataprivacyframework.gov/
8. Data Subject Rights and Consent Withdrawal
Regarding personal data collected through cookies, users can exercise the rights provided by GDPR (Articles 15-22), including:
- Right of access: obtain information about installed cookies and collected data
- Right to rectification: correct inaccurate data
- Right to erasure: request deletion of collected data
- Right to object: object to data processing for analytics purposes
- Right to restriction: restrict processing in certain circumstances
- Right to data portability: obtain data in a structured format
Consent Withdrawal
Consent to the use of analytics cookies can be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Withdrawal methods:
- Click the "Manage Cookie Preferences" button on this page
- Disable analytics cookies through browser settings
- Send a request via email to support@itland.it
Complaint to the Data Protection Authority
Users have the right to lodge a complaint with the Italian Data Protection Authority in case of violation of regulations:
Garante per la Protezione dei Dati Personali
Piazza Venezia, 11 - 00187 Rome
Tel: +39 06 696771
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it
9. Security of Data Collected Through Cookies
The Controller adopts adequate technical and organizational security measures to protect data collected through cookies, including:
- HTTPS encryption: all communications between browser and server are encrypted with TLS 1.3 protocol
- Secure cookie flags: cookies are set with "Secure" flag (transmission only over HTTPS) and "HttpOnly" (not accessible by JavaScript to prevent XSS)
- SameSite attribute: protection against Cross-Site Request Forgery (CSRF) attacks
- Audit logs: recording of access and changes to cookie preferences
- Data minimization: collection of only data strictly necessary for stated purposes
10. Cookie Policy Updates and Modifications
The Controller reserves the right to modify, update, or supplement this Cookie Policy at any time, to adapt it to regulatory changes, the introduction of new technologies, or the improvement of services offered.
Changes will be published on this page with indication of the last update date. In case of substantial changes requiring new consent, the user will be informed through the cookie banner on their next visit to the site.
Users are invited to periodically consult this page to stay informed about cookie usage practices.
11. Contact
For any questions, clarification requests, or to exercise the rights provided by GDPR regarding cookie usage, you can contact:
ITLand S.r.l.
Email: support@itland.it
PEC: info@pec.itland.it
Tel: +39 081 18096512
Data Protection Officer
Email: privacy@itland.it
Contact hours: Lunedì-Venerdì 09:00-13:00, 14:00-18:00
Data Controller
ITLand S.r.l.
VAT: IT09130391213
Email: support@itland.it