ITEN

Legal

Cookie Policy

Last updated: 15 May 2026

This Cookie Policy describes the types of cookies and analogous technologies used on the arsaures.com site, in compliance with Regulation (EU) 2016/679 (GDPR), the ePrivacy Directive (2002/58/EC) and the Italian Data Protection Authority Provision of 10 June 2021. For general personal data processing please refer to the Privacy Notice.

1. What cookies are

Cookies are small text files that visited sites send to the user's browser. They are stored and then re-transmitted to the site on the next visit. Similar technologies (such as the browser's localStorage) allow information to be stored in a comparable way.

Cookies can be classified by ownership (first-party if managed directly by Ars Aures, third-party if managed by external providers), by purpose (technical, statistical, profiling) and by duration (session cookies, deleted when the browser closes, or persistent cookies, kept for a defined time).

2. Technical cookies used on arsaures.com

The site exclusively uses technical cookies necessary for its operation. These cookies do not require user consent pursuant to the Italian Data Protection Authority Provision of 10 June 2021 and Art. 122 D.Lgs. 196/2003.

NEXT_LOCALE — language preference

Ownership: first-party (arsaures.com).
Purpose: store the language chosen by the user (Italian or English) to automatically serve content in the correct language on subsequent visits.
Duration: session cookie (deleted when the browser closes).
Attributes: `SameSite=Lax`, not HTTP-only.

payload-token — reserved-area session

Ownership: first-party (arsaures.com).
Purpose: keep the user authenticated in the site's reserved areas (admin panel, Distributor portal, Dealer portal) after logging in.
Duration: 7 days from login.
Attributes: `HttpOnly`, `SameSite=Lax`, contains a JWT signed by the server. Not accessible from JavaScript.
Condition: set only if the user logs in. Unregistered users never receive it.

3. Local storage technologies

The site also uses the browser's localStorage — a technology analogous to cookies but not transmitted to the server with each request. It is purely technical local storage and does not require consent.

ars-aures-cookie-consent — consent preferences

Purpose: store the user's choice on the cookie banner (which categories they accepted), to avoid showing the banner again on subsequent visits.
Duration: persistent until manually cleared from the browser, or until the user clicks "Manage cookies" in the footer to change preferences.
Content: a JSON object with the necessary/analytics/marketing flags, acceptance timestamp and banner version.

4. Third-party cookies

The site does not use any third-party analytics services (e.g. Google Analytics, Matomo) nor behavioural advertising trackers (e.g. Meta Pixel, LinkedIn Insight Tag, Google Ads).

The third-party services that may set cookies are the following. The first two (Cloudflare Turnstile, YouTube/Vimeo) are designed not to install cookies until the user interacts; the third (Google Maps) sets cookies when the Contact page loads:

Cloudflare Turnstile (form anti-spam)

Provider: Cloudflare, Inc. (USA), with Standard Contractual Clauses under Art. 46 GDPR for extra-EU transfer.
Domain: `challenges.cloudflare.com`.
Purpose: verify that the submission of site forms (contact, listening booking, warranty registration, B2B partner registration, newsletter subscription) is made by a human and not a bot.
Type: client-side JavaScript verifications. Cloudflare Turnstile is explicitly designed to NOT use tracking cookies and does not collect profiling data or browsing history (key difference vs reCAPTCHA / hCaptcha).
When activated: only if the user interacts with a site form that requires anti-spam verification. It is not activated when merely viewing pages.
Full notice: https://www.cloudflare.com/privacypolicy/

YouTube and Vimeo (video embed)

Providers: Google LLC (YouTube) and Vimeo, Inc.
Domain: `youtube-nocookie.com` and `player.vimeo.com`.
Purpose: allow playback of videos embedded in editorial pages (Journal, Atelier, Maison).
Type: technical video player cookies, possibly statistical cookies from the provider depending on its settings.
When set: Ars Aures uses YouTube's privacy-enhanced mode (`youtube-nocookie.com`); in this mode no cookies are set until the user clicks Play on the video. The same principle applies to Vimeo: simply viewing the page with the embed does not result in provider cookies being installed.
Full notice: https://policies.google.com/privacy (YouTube), https://vimeo.com/privacy (Vimeo).

Google Maps (Contact page map)

Provider: Google Ireland Ltd. / Google LLC (USA), with Standard Contractual Clauses under Art. 46 GDPR for any extra-EU transfer.
Domains: `google.com`, `maps.google.com`, `*.gstatic.com`.
Purpose: display the map and Street View of the Castelvetrano premises on the Contact page, to help locate and reach the atelier.
Type: map embedded via Google's official embed code. Unlike the other services listed above, Google may set cookies — including profiling cookies — when the map loads.
When activated: the map loads when the Contact page is opened; it is not loaded on other pages and sets no cookies there.
How to avoid it: simply do not visit the Contact page, or block third-party cookies in your browser (see section 7). The contact details (email, phone, address) remain available in text form on the same page regardless.
Full notice: https://policies.google.com/privacy

5. Backend services that do not install cookies in the browser

For completeness, the site uses the following providers for server-side activities only: these services do not install cookies in the user's browser as they operate behind the scenes (server-to-server or email delivery).

  • Resend — transactional email delivery (registration confirmations, warranty notifications, password recovery). Emails sent from the Ars Aures server via API.
  • Brevo — newsletter subscription management and email campaign delivery. Server-to-server.
  • Hosting — Postgres and Next.js servers in EU datacenter (Italy).

Further details on personal data processing by these providers are indicated in the Privacy Notice.

6. Consent management

On the first visit to the site, a banner is shown informing the user about the use of cookies and allowing them to:

  • accept only necessary cookies (default choice),
  • manage granular preferences for the different categories (necessary, statistical, marketing).

The user's choice is saved in the browser's localStorage under the key `ars-aures-cookie-consent` (see section 3). With the exception of the Google Maps embed on the Contact page (section 4) — which sets third-party cookies when it loads — the site does not install "statistical" or "marketing" cookies: the banner options are prepared for possible future integrations.

At any time it is possible to modify or revoke consent by clicking the "Manage cookies" link in the site footer.

7. Disabling cookies in the browser

Regardless of the banner, you can configure your browser to block or delete cookies. Note that disabling technical cookies may cause some site areas not to function correctly (in particular login to the reserved area).

Instructions for the most common browsers are available at the following addresses:

8. Data subject rights and contacts

For the exercise of the rights provided for by the GDPR (access, rectification, erasure, restriction, portability, objection, withdrawal of consent, complaint to the Authority) please refer to the Privacy Notice.

For any clarification regarding cookies write to privacy@arsaures.com.

9. Changes to this policy

The Controller reserves the right to update this Cookie Policy in case of regulatory, technical or organisational changes (in particular if analytics or marketing services are activated in the future). The updated version will be published on this page with the new last-update date.

For any clarification write to privacy@arsaures.com.