Privacy Policy

1. Introduction

1.1.  The issue of your confidentiality is fundamental to us. For this reason we protect your privacy with the most advanced practices and technologies. Our aim is to ensure that your personal data is always processed only to the extent and for the purposes necessary, in accordance with current legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation) (hereinafter the " GDPR ").

1.2.  The owner of the processing of personal data is ELDO s.r.l. (Company Register n.REA: AV - 206764), hereinafter "we" or the "Owner" or the "Operator".

1.3.  The purpose of this Privacy Policy (hereinafter the "Policy") is to inform the user of his rights in relation to the processing of personal data and the methods and extent of processing of the same when using the websites managed by the Owner (hereinafter the "     Websites "), including the use of the Websites by unregistered users, 
- for the purchase of goods or services in the e-shop of   (hereinafter " E-SHOP "), 
- for the exercise of the rights and obligations deriving from the contractual relationship between the user and the Data Controller, 
- for the use of your USER ACCOUNT (hereinafter "USER ACCOUNT"), - or for the use of other services and Websites managed by the Data Controller or by any company associated through ownership or personnel with the Data Controller (hereinafter the "SERVICES").

If you are not clear how we process your personal data under this Policy, please contact us at any time. The  contact details  of the Data Controller are as follows: ELDO s.r.l., mail:  -  Telephone: +39 0827196453

Potremmo aggiornare la presente Privacy Policy di volta in volta pubblicando una nuova versione online. Ti suggeriamo di controllare periodicamente questa pagina per esaminare eventuali modifiche, in ogni caso, qualora dovessimo apportare modifiche sostanziali, le comunicheremo dandone evidenza attraverso i nostri blog e/o newsletter oppure provvedendo una specifica notifica all’accesso. 

2. Sources and categories of personal data processed

2.1. The Owner processes the personal data provided by the user or collected by the Owner during registration on the Websites, use of them, and execution of his order.

2.2.  The Data Controller processes, in particular, the user's identification and contact data, descriptive data provided voluntarily, data relating to orders and their execution, data relating to the use of the SERVICES and access data.

3. Purpose, legal basis and duration of the processing of personal data

3.1.  We process your personal data for the following purposes:

A) Use of the Websites

The legal basis for the processing of personal data is the exercise of the Operator's contractual rights and obligations arising from Terms and conditions of use (hereinafter the "Terms and Conditions". In particular, we are committed to making the browsing experience on the Websites as high quality and easy to use as possible. In this regard, we process data that may be of a personal nature, including, but not limited to, data relating to your visit to the Websites and the history of visits to the Websites, information relating to your browser settings, resolution screen, internet connection, etc.

B) Customer account management - USER ACCOUNT

The legal basis for the processing of personal data is the exercise of the Operator's contractual rights and obligations arising from Terms and conditions of use. To maintain the customer account - USER ACCOUNT, registration is required, during which identification, contact and other data that the user provides or subsequently adds or modifies in his user account are processed.

We process the data you provide for the duration of your USER ACCOUNT - and for 3 years after its termination.

The legal basis for the processing of personal data is the processing of an order for goods or services and the exercise of the rights and obligations arising from the contractual relationship between the user and the Data Controller pursuant to the Terms and conditions of use  (hereinafter “General Terms and Conditions”), as well as the fulfillment of the related legal obligations. Orders require the personal data necessary for the correct processing of the order (name, address, place of residence and postal address, contact details, etc.). The provision of personal data is a necessary requirement for the stipulation and execution of a contract; without the provision of personal data the contract cannot be stipulated or executed by the Data Controller.

The personal data provided are processed for a period of 5 years from the date of the last order placed on the E-SHOP.

D) Provision of other SERVICES

The legal basis for the processing of personal data is the execution of the Operator's contractual rights and obligations deriving from the terms and conditions applicable to the relevant SERVICE. For this purpose, we process in particular identifying data such as your name, contact data such as your address, e-mail and descriptive data such as your order number, identification of your device, etc.

We process personal data for this purpose for a period of 5 years from the last access to the relevant SERVICE.

E) Provision of customer support services

The legal basis for processing personal data for customer support services is, if you are our customer and have provided us with your order number when requesting customer support, the legitimate interest in resolving technical and commercial issues relating to the products purchased. If you are not our customer, the legal basis for the processing of personal data for the provision of customer support services is your  consent, which you give by contacting customer support by filling in the requested data through the online communication tool available on the Websites. For customer service purposes, we process identifying data such as your name, contact data such as your email address and, as applicable, descriptive personal data such as your order number or purchase history.

We process the personal data you provide for a period of 5 years starting from the last activity in resolving a customer service request.

F) Sending newsletters and other commercial communications

In the case of registered users, the legal basis for sending the newsletter is the legitimate interest of the Operator. In the case of unregistered users, the legal basis for sending the newsletter is the consent given by filling in the e-mail address and sending the request to receive commercial communications from the Websites managed by the Data Owner. For the purposes of sending commercial communications, we use the e-mail address provided by the user, which we keep for a period of 10 years from its provision. 
G) Fulfill your obligations under the Terms of Service.

3.2.  The Data Controller will delete the personal data upon expiry of the retention period.

3.3.  The Data Controller does not carry out automated individual decision-making or user profiling pursuant to Article 22 of the GDPR.

4.Your rights in relation to the processing of personal data

4.1.  Under the GDPR, you have the following rights as a data subject:

  • the  right of access to your personal data  pursuant to Article 15 of the GDPR;
  • the  right to rectification of personal data  pursuant to Article 16 of the GDPR, or to restriction of processing pursuant to Article 18 of the GDPR;
  • the  right to erasure of personal data  pursuant to Article 17 of the GDPR. However, the Data Controller declares that, following the exercise of the right to erasure of personal data, the processing of such personal data is necessary for the fulfillment of financial, tax and other legal obligations to which the Data Controller is subject, as well as for the establishment, exercise or defense of legal claims, continues after the Data Controller has exercised your request;
  • the  right to object, pursuant to Article 21 of the GDPR, to processing on the basis of legitimate interest or for direct marketing purposes;
  • the  right to data portability  pursuant to Article 20 of the GDPR;
  • the  right to withdraw consent  to the processing of personal data at any time;
  • the  right to unsubscribe from receiving commercial communications, i.e. to revoke consent to the relevant processing of personal data through the link included in the communications;
  • the  right to receive a copy of the standard contractual clauses  stipulated by the Data Controller pursuant to Article 46 of the GDPR.

4.2.  To exercise the above rights, you can use the  website form , or you can contact us using the contact details indicated in point 1.3.

4.3.  You can also lodge a complaint at any time directly with the Data Protection Office or any supervisory authority of the relevant Member State of the European Union (EU) or the European Economic Area (EEA).

5. Transfer of personal data to third parties

5.1.  You acknowledge that personal data may be transferred to third parties, including, by way of example and not limited to, to subjects who:

  • participate in the delivery of goods or the provision of services;
  • participate in or carry out the execution of payments under a contract;
  • provide services for the operation of the E-SHOP and other services in relation to the operation of the E-SHOP and the Websites;
  • provide customer support services;
  • provide marketing services.

5.2.  With the exception of the recipients and categories of recipients indicated in this Policy, and in particular in the previous paragraph, the Data Controller does not transfer, on a regular basis, personal data to countries outside the European Economic Area (" EEA ") or to international organisations. In cases where personal data is transferred to countries outside the EEA, the Data Controller will take all measures required by generally applicable European data protection law to ensure adequate protection of personal data, in particular through contractual clauses data protection standards adopted by the European Commission (or by the supervisory authority and subsequently by the European Commission), which it will provide for contractual arrangements with each relevant recipient of personal data. In particular, it seems necessary to point out that, according to recent interpretations provided by some European supervisory authorities, the use of Google Analytics could lead to the transfer of the user's personal data to the United States, whose legal regime does not guarantee a level of protection equivalent to that in force within the European Union in compliance with the GDPR. By accepting the placement of Google Analytics cookies, therefore, the user is aware of the possible risks of such transfer, in any case not requested or authorized by the Data Controller, due to the lack of an adequacy decision pursuant to Article 45, par. 3 of the GDPR, or adequate guarantees pursuant to Article 46 of the GDPR.

5.3.  The processing services used, including marketing and support tools:

  • Google Analytics - tracks cookies and web usage
  • Google Adwords - tracks cookies and web usage
  • Facebook - tracks cookies and web usage
  • Pinterest - tracks cookies and web usage
  • Reddit - tracks cookies and web usage
  • - tracks cookies and web usage
  • - tracks cookies and web usage
  • Mailchimp - tracks cookies and web usage
  • - tracks cookies and web usage
  • - tracks cookies and web usage
  • -tracks purchase conversions and emails for the "Customer Invitation" service.

5.4.  The Websites may also contain other links and features to third-party websites and services and social networks, such as Facebook, Pinterest, Twitter, Instagram, etc. which may, if you decide to use them, process your personal data such as your IP address, the history of pages you have visited or may store cookies or other technical means on your device, such as Facebook pixel, etc. The processing of your personal data in this case is governed by the policies adopted by the operators of these sites, services and social networks, available on their websites.

5.5.  All personal data processed by the Data Controller may also be transferred to recipients who are other companies in the group. The legal basis for sharing personal data by our Group companies is the legitimate interest of the Data Controller pursuant to Article 6(1)(f) of the GDPR; this legitimate interest of the Data Controller consists of the interest in the transfer of personal data within the group of companies for internal administrative tasks in accordance with this Privacy Policy.

 In addition to the uses identified elsewhere in this Privacy Policy, we may use your personal information to: improve your browsing experience by personalizing websites and improve our digital platforms collect and process statistical information about users of our platforms and sites web. This information will never be used to identify individual users/users without specific consent.

5.7. We employ other companies and people to provide services to visitors to our websites, digital platforms and subscription services. Examples may include, data analysis, marketing assistance, issuing tax documents, processing of information provided for service improvement, customer support etc. In all cases in which we share your information with these companies and individuals, we explicitly require them to acknowledge and adhere to our privacy and customer data policy.

6. The security conditions of personal data

6.1.  The Data Controller declares to have implemented all appropriate technical and organizational measures for the protection of personal data.

6.2.  The Data Controller has adopted technical measures to ensure data security and storage of personal data on paper, including, in particular, protected/encrypted access to the Internet, encryption of customer passwords in the database, updating regular system backup and regular system backup.

6.3.  The Data Controller declares that only persons authorized by the Data Controller will have access to the personal data.

7. Cookie

7.1.  In order to improve the quality of the SERVICES and facilitate their use, in particular to analyze traffic and user behavior on the Websites, to personalize advertising and to make social media functions more accessible, the SERVICES use cookies or other technical means stored on your end device (hereinafter the "cookies"). Cookies can be saved directly by the Data Controller, or they can be third-party cookies (see the recipients in paragraph 5.3 of this document). These files cannot directly contain personal data, but, together with other data, can acquire the nature of personal data.

7.2.   The list of cookies processed and their subdivision into individual categories which include strictly necessary cookies, which must always be processed for the correct functioning of websites, and targeting cookies, to which the user can give their consent, are available here: cookie policy.

8. Final provisions

8.1.  This Privacy Policy constitutes an integral part of Terms and conditions of use, and of  Terms and Conditions of the Lo Russo Retractors E-SHOP.