The processing of personal data is carried out for the following purposes:

a. To allow registration on the Website and access to services reserved for registered users, as well as to ensure compliance with legal or regulatory obligations in force, particularly in administrative, accounting, and public security matters. The legal basis for processing is the necessity for the Data Controller to carry out pre-contractual measures taken at the request of the data subject or to fulfill a legal obligation;

1. in the case of placing an online purchase order, to allow the conclusion of the purchase contract and the proper execution of the related operations (and, if required by sector-specific regulations, to fulfill tax obligations). The legal basis for processing is the obligation of the Data Controller to execute the contract with the data subject or to comply with legal obligations;
2. limited to the email address you provided during a purchase through the Website, to allow the Data Controller to directly offer similar products (so-called soft spamming), provided that you do not object to such processing in the manner indicated in this privacy notice. The legal basis for the processing is the legitimate interest of the Data Controller in sending this type of communication. This legitimate interest may be considered equivalent to the data subject’s interest in receiving ‘soft-spam’ communications;
3. subject to your consent, for the sending of newsletters and the conducting of market surveys, including those aimed at assessing user satisfaction, as well as for the sending of advertising materials related to the Data Controller’s products and/or those of third parties, via systems such as email (marketing purposes); subject to your consent, for the creation of your commercial profile, by collecting and analyzing your preferences and purchasing habits, both to monitor customer satisfaction and to send you advertising material related to the Data Controller’s products and/or those of third parties that may be of specific interest to you, via systems such as email (profiling purposes). The legal basis for the processing is the data subject’s consent;
4. if the chat service is active, to enable its use, allowing the user to contact and be contacted by the Data Controller, with your prior consent, while browsing the Website. The legal basis is the legitimate interest of the Data Controller in carrying out this type of activity. This legitimate interest may be considered equivalent to the data subject’s interest in using the Website’s chat service;
5. to respond to your inquiries through the customer care service. Providing your data is optional, but refusal to do so will prevent the Data Controller from responding to your questions through this service. The legal basis for processing is the legitimate interest of the Data Controller in responding to user requests. This legitimate interest is equivalent to the user’s interest in receiving a response to communications sent to the Data Controller;
6. to respond to your requests via email or telephone. Providing this information is optional, but your refusal will make it impossible for the Data Controller to respond to your requests. The legal basis for processing is the legitimate interest of the Data Controller in responding to user requests. This legitimate interest is equivalent to the user’s interest in receiving a response to communications sent to the Data Controller.

Providing data for the purposes referred to in points a) and b) is purely optional. However, since such processing is necessary to make a purchase on the Website, your refusal to provide the data in question will make it impossible to complete the purchase through the Website.

Consent to the processing of your data for marketing and profiling purposes is entirely optional. Failure to provide consent will result only in the consequences described below.

Failure to consent to the processing of data for marketing purposes will result in your inability to receive advertising material related to products of the Data Controller and/or third parties, as well as the Data Controller’s inability to conduct market research, including surveys aimed at assessing user satisfaction, and to send you newsletters.

Failure to consent to the processing of your personal data for profiling purposes will result in the Data Controller being unable to create your commercial profile by tracking your choices and purchasing habits, and unable to send you advertising material related to products of the Data Controller and/or third parties that are specifically of interest to you.

Notwithstanding the above, it is understood that the Data Controller may still use your personal data solely to properly fulfill the obligations required by applicable laws and the contractual relationships between you and the Data Controller.

Please note that you can object to the processing of your personal data at any time via a specific link found at the bottom of any promotional email sent by the Data Controller.

Data provided in the context of the ‘Ship to a different address?’ service.

On the Website, you will have the possibility to gift one or more products to a person by entering the personal data requested each time. You acknowledge that the Data Controller will retain such personal data only for the time strictly necessary to document that your request has been processed. To use this service, you must be able to demonstrate, if requested by the Data Controller, that you are legitimately authorized to use the personal data of your friends/contacts.

Data related to the payment card.

To make a payment using one of the payment cards offered on the Website, the user must enter the confidential payment card details directly on a page that will communicate through a secure encryption protocol with the payment service provider (which will act as an independent data controller), without passing through the Data Controller’s server, which therefore will not process such data in any way. The data will be acquired in encrypted format.

In compliance with the legal obligations set forth by Directive 2015/2366/EU on payment services in the internal market (PSD2), you are informed that, regarding purchases made on the Website via credit card, among the data necessary to complete the purchase procedure may be the mobile phone number you provide, or another personal data necessary to complete the purchase process. Indeed, to allow you to complete the purchase, the payment institution responsible for managing the transaction will send you an authentication code, which you must enter as part of the purchase procedure to satisfy the authentication criteria required by PSD2 (Strong Customer Authentication). The processing of your personal data for these purposes is based on the fulfillment of legal obligations and does not require your consent.

With regard to the payment card data, it is specified that the processing of your personal data is necessary to allow the conclusion of the online purchase contract with the Data Controller. Failure to provide these data will prevent you from completing the online purchase process.

Bank transfer.

If you choose bank transfer as your payment method, in the event of any refund, the Data Controller will ask you for the necessary bank details to process the payment.

Sensitive or judicial data.

The Data Controller does not process special category or judicial data.

Geolocation.

If you access the Website, you may receive a notification on your device (desktop and/or mobile) giving you the option to allow or deny the identification of the device itself (so-called geolocation). You are free to consent to or refuse this setting without any consequences on the functionality of the Website. Data related to the device’s location will not be collected and/or stored by the Data Controller in any way. The legal basis for processing is the legitimate interest of the Data Controller in providing services relevant to the user’s location. This legitimate interest is equivalent to the user’s interest in receiving services that are as relevant as possible to their location.

The processing of your personal data will mainly be carried out with the aid of electronic or otherwise automated means, using methods and tools suitable to ensure its security and confidentiality in accordance with the GDPR.

The information collected and the processing methods will be relevant and not excessive in relation to the types of services provided. The data will also be managed and protected in environments with constant access control.

Your data may be communicated to:

• all those subjects (including Public Authorities) who have access to personal data by virtue of legal or administrative provisions;
• companies or third parties responsible for printing, enveloping, shipping, and/or delivery and/or collection of products purchased through the Website;
• postal offices, couriers, suppliers (e.g., drop shipping sales), or shipping companies responsible for delivering products purchased through the Website;
• banks and companies managing national or international payment circuits through which online payments for products purchased via the Website are made;
• companies, consultants, or professionals possibly responsible for installation, maintenance, updates, and, more generally, management of the hardware and software of the Data Controller or those used by the Data Controller to provide its services;
• external companies responsible for sending advertising communications on behalf of the Data Controller;
• employees and/or collaborators of the Data Controller;
• the company responsible for customer care activities;
• entities managing online payment transactions;
• entities responsible for repairing damaged products or those under the legal warranty of conformity;
• all those public and/or private subjects, natural and/or legal persons (such as legal, administrative, and tax consultancy firms, Judicial Offices, Chambers of Commerce, Labor Offices, etc.), when the communication is necessary or functional to properly fulfill legal obligations.

Your data will not be disseminated except in anonymous and aggregated form for statistical or research purposes.

The Data Controller of personal data can be contacted using the following contact details:

73, Ripa di Porta Ticinese Milano, Italy 20143

Phone: +39 _______________

Email: info@ecliss.it

Through the contact form available on the Website.

Personal data will be retained according to the following criteria: (i) for marketing purposes, until consent is withdrawn. For inactive users, personal data will be deleted one year after the last email viewed, if any; (ii) for the purpose of fulfilling the sales contract, for 10 years from the date the purchase order is received; (iii) for legal defense purposes, until the final judgment is rendered; (iv) for compliance with legal obligations, for as long as required by applicable regulations; (v) for the purpose of executing any service requested via the Website, for the time necessary to fulfill the request

Pursuant to Article 13 of the Privacy Regulation, the Data Controller informs you that you have the right to:

• request from the Data Controller access to your personal data and the rectification or erasure of such data, or the restriction of processing concerning you, or to object to the processing, as well as the right to data portability;
• withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
• lodge a complaint with a supervisory authority (e.g., the Data Protection Authority).

These rights may be exercised by submitting a request to the Data Controller using the contact details provided above, without any formal requirements.

The Data Controller reserves the right to make changes to this privacy policy at any time, duly informing users of the Website and, in any case, ensuring adequate and equivalent protection of personal data. To stay informed about any updates, you are encouraged to regularly review this policy.