INFORMATION PURSUANT TO ART. 13 OF EU REGULATION 2016/679 – PERSONAL DATA PROTECTION CODE

The following describes how the site is managed with regard to the processing of the personal data of users who consult it.

Elisabet Srl is aware of the importance of protecting the confidentiality of personal data and is committed to complying with current privacy directives and regulations that guarantee safe and confidential internet browsing.

Users of the elisabet.it website (the "Site") who are interested in the processing of their personal data are invited to carefully read this document, which generally governs the rules that Elisabet Srl observes in collecting and processing personal data and, in particular, the methods and purposes of processing the personal data provided by the user through:

• browsing the Site,
• the use of the registration and contact forms present therein,
• making purchases of goods or using the services available and offered through the Site.

This information is also provided pursuant to art. 13 of EU Regulation 2016/679 on the protection of personal data to those who interact with the website of Elisabet Srl, the Data Controller, accessible electronically from the address elisabet.it .

This information also applies to all sites and services under the elisabet.it domain and not to other websites that may be accessed via links.

This policy is also based on national and European regulations, including Recommendation No. 2/2001 of the Article 29 Working Party on minimum requirements for online data collection in the European Union. This document identifies the minimum requirements for collecting personal data online, and, in particular, the methods, timing, and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

The Data Controller

The Data Controller is Elisabet Srl, with registered office at Via I Maggio, 35 – 63813 Monte Urano (FM), Tax Code and VAT number IT02208680443, email: info@elisabet.it (example address: replace with the correct one if different).

General principles for the processing of personal data

The processing of personal data is based on the following principles:

• lawfulness, fairness and transparency;
• purpose limitation;
• data minimization;
• accuracy and timeliness;
• storage limitation;
• integrity and confidentiality;
• accountability of the Owner.

In particular, Elisabet Srl undertakes to:

• process the data exclusively for the purposes and according to the methods illustrated in this information;
• process data for purposes for which the prior consent of the interested party is required only in the presence of such consent;
• allow anonymous browsing in areas that do not require authentication, except for the automatic acquisition of browsing data;
• make data available to third parties only for purposes instrumental to providing the requested service or, where permitted by law, only with consent;
• respect the rights of data subjects, including requests for access, rectification, erasure, restriction, objection, and portability;
• ensure fair and lawful processing, safeguarding confidentiality and applying appropriate technical and organizational measures;
• ensure transparency by providing appropriate information when data is collected.

Types of data processed

“Personal data” means any information relating to an identified or identifiable natural person (Article 4 of EU Regulation 2016/679).

The data processed includes, by way of example:

• identification data (name, surname, personal and contact details);
• registration data collected through the Site (e.g., name, surname, email address, shipping/billing address, billing information, login credentials);
• data provided voluntarily by the user (contents of messages and communications, attachments, information entered in contact forms, requests for assistance, etc.);
• Browsing data (IP address, access logs, device identifiers, information on browser and operating system, pages visited, date and time of access, any errors).

Registration data

When registering on the Site and creating an account, as well as subsequently through the registration and contact forms, the user may provide Elisabet Srl with personal data that will be used to:

• allow the creation and management of the user account;
• manage orders and requested services;
• fulfill contractual and legal obligations related to purchases made;
• manage any requests for technical, commercial, or administrative assistance.

Data provided voluntarily by the user

The optional, explicit, and voluntary sending of emails to the addresses indicated on the Site, as well as the completion of contact forms and information request forms, entail the subsequent acquisition of the sender's personal data (e.g., email address, name, surname), necessary to respond to requests, as well as any other personal data entered.

The user is required to provide accurate and up-to-date information and to avoid disclosing third-party data without authorization. If the user provides third-party personal data, he or she represents and warrants that he or she has the right to disclose such data to Elisabet Srl and that he or she has complied with the disclosure obligations and, where applicable, has obtained their consent.

Browsing data and system logs

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols:

• IP addresses or domain names of computers used by users connecting to the Site;
• URI/URL (Uniform Resource Identifier/Locator) of the requested resources;
• time of the request and method used to submit the request to the server;
• size of the file obtained in response;
• numeric code indicating the status of the response provided by the server (successful, error);
• other parameters relating to the user's operating system and computing environment.

This information is used solely to obtain anonymous statistical information on the use of the Site and to verify its proper functioning, and is deleted immediately after processing. The data may be used to determine liability in the event of cybercrime against the Site.

Purpose of processing data provided by users

The personal data provided through the Site are processed, based on the specific situation, for the following main purposes:

• management of user requests (information, estimates, assistance, commercial contacts);
• registration on the Site and creation of a user account;
• management of purchase orders and related administrative, accounting, and tax activities;
• fulfillment of legal, regulatory and legislative obligations;
• management of after-sales assistance activities;
• sending commercial and promotional communications (newsletters, marketing communications) with prior consent, where required;
• prevention and repression of illicit behavior, fraud, abuse or fraudulent activities;
• legal protection and litigation management.

Legal bases of the processing

The legal bases for the processing are, depending on the case:

• the performance of a contract or pre-contractual measures (Article 6, paragraph 1, letter b) GDPR);
• fulfillment of legal obligations (Article 6, paragraph 1, letter c) GDPR);
• the express consent of the interested party for specific purposes (e.g., newsletters, marketing, sending promotional communications);
• the legitimate interest of the Data Controller (e.g., site security, fraud prevention, protection of legal rights, improvement of the service).

Mandatory or optional nature of providing data

Providing the personal data requested in the forms marked "mandatory" is necessary to provide the requested service (e.g., processing an order, responding to a request, creating an account). Failure to provide such data may make it impossible for Elisabet Srl to provide the requested service.

Providing data for other purposes (e.g., marketing, newsletters) is optional; failure to provide it will not affect the use of other services, but will prevent the Data Controller from sending promotional and/or informational communications about products, services, events, or initiatives.

Processing methods and storage times

Personal data is processed using electronic, telematic, and, where necessary, paper-based tools, in compliance with the security measures required by applicable legislation, with logic related to the purposes indicated.

The data is retained for the time strictly necessary to achieve the purposes for which it was collected and, subsequently, for the period established by applicable legislation (e.g., 10 years for the retention of accounting records).

In the case of consent-based processing, the data is retained until consent is revoked or until the maximum period indicated at the time of collection.

Scope of communication and data transfer

Personal data may be disclosed to third parties acting as independent Data Controllers or Data Processors, including:

• IT, hosting and Site maintenance service providers;
• logistics and freight forwarding companies;
• credit institutions and payment service providers;
• professionals and consultants (accountants, lawyers, etc.);
• group companies, commercial partners, distributors;
• authorities and supervisory and control bodies, upon legitimate request.

Personal data will not be disseminated indiscriminately. Any transfers to third countries (outside the EU/EEA) will be carried out in compliance with the requirements of the GDPR (e.g., adequacy decisions, standard contractual clauses, supplementary measures, etc.).

Rights of the interested party

Pursuant to Articles 15-22 of EU Regulation 2016/679, the interested party has the right, at any time, to:

• obtain confirmation of whether or not personal data concerning him or her exists;
• obtain access to personal data and related information;
• request the rectification of inaccurate data or the integration of incomplete data;
• request the deletion of data in the cases provided for by art. 17 GDPR;
• request restriction of processing in the cases provided for by art. 18 GDPR;
• object at any time to data processing based on the legitimate interest of the Data Controller;
• request data portability within the limits set forth in Article 20 of the GDPR;
• revoke consent, where given, without prejudice to the lawfulness of the processing carried out before the revocation;
• lodge a complaint with the Data Protection Authority.

Requests should be addressed to the Data Controller at the contact details indicated (email address, certified email, or postal mail).

Changes and updates

This policy may be subject to changes and updates. Any new versions will be published on the Site and will be applicable from the date of publication.

This site uses the Cookiebot service to manage consent to the use of cookies and to show the user an always updated declaration of the cookies in use on the Site.

You can consult the updated list of cookies used at any time and change your consent preferences using the following link:

For more information on how Cookiebot works and how it processes data related to the use of cookies, you can also consult the official Cookiebot documentation and our Privacy Policy.

INFORMATION ON THE PROCESSING OF PERSONAL DATA – CUSTOMERS

Elisabet Srl wishes to inform its customers about the processing of personal data. This information is provided in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable national data protection regulations.

Data controller

The Data Controller is Elisabet Srl, with registered office at Via I Maggio, 35 – 63813 Monte Urano (FM), Tax Code and VAT No. IT02208680443. For any inquiries regarding the protection of personal data, you can contact the Data Controller at the following numbers: telephone +39 0734 840019, email (example): privacy@elisabet.it (replace with the actual address, if different).

Data origin

The personal data processed are collected:

• directly with the interested party (customer), when establishing and managing contractual or pre-contractual relationships (e.g. requests for information, quotes, orders, contracts, correspondence);
• via the Website and digital channels (contact forms, site registrations, assistance requests, newsletters, etc.);
• possibly from public databases, public lists and registers, or authorised third parties (e.g. commercial information companies) to the extent permitted by law.

Categories of data processed

The data processed may include, by way of example:

• personal data (name, surname, date and place of birth);
• contact details (address, telephone number, email, certified email);
• tax and billing data (tax code, VAT number, bank details);
• data relating to contractual relationships, orders, payments, deliveries, complaints;
• any additional data necessary for the execution of the contract or for legal obligations.

Generally, the Data Controller does not request or process data belonging to special categories pursuant to Art. 9 of the GDPR (e.g., data relating to health, racial or ethnic origin, religious beliefs, etc.). If—in specific cases—it is necessary to process such data, specific information will be provided and, if required by law, explicit consent will be requested.

Purpose of the processing

Customers' personal data are processed for the following purposes:

1. management of contractual and pre-contractual relationships with customers (orders, contracts, supply of products and services, requests for information, pre- and post-sales support);
2. fulfillment of legal obligations in tax, accounting, administrative, anti-money laundering, sector-specific legislation and in general deriving from laws, regulations, EU legislation and provisions of the competent Authorities;
3. payment management, invoicing, debt collection, litigation, and legal action;
4. managing communications with customers (e.g. sending communications relating to contracts, deadlines, service updates, operational information);
5. direct marketing activities, sending commercial communications, newsletters, and promotional material relating to Elisabet Srl's products and services, via email, post, SMS, telephone, or other communication systems, subject to the interested party's consent where required;
6. statistical analysis, customer satisfaction monitoring, improvement of services offered, complaint management.

Legal bases of the processing

The legal bases for processing customers' personal data are, depending on the purposes:

• performance of a contract or pre-contractual measures at the request of the data subject (Article 6, paragraph 1, letter b) GDPR);
• fulfillment of legal obligations to which the Data Controller is subject (art. 6, par. 1, letter c) GDPR);
• legitimate interest of the Data Controller (e.g., legal protection, fraud prevention, efficient management of customer relationships, soft spam activities where permitted);
• consent of the interested party for marketing activities and promotional communications (Article 6, paragraph 1, letter a) GDPR).

Data provision

Providing the personal data necessary for managing contractual relationships, complying with legal requirements, and providing the requested services is mandatory. Failure to provide such data may make it impossible to conclude or execute the contract or provide the services.

Providing data for marketing purposes and sending promotional communications is optional. Failure to provide it will not affect your ability to receive the main services, but it will make it impossible to receive commercial communications and personalized offers.

Treatment methods

Processing is carried out using manual, electronic, and telematic tools, using methods strictly related to the purposes and in compliance with the security measures required by applicable legislation, aimed at ensuring the confidentiality, integrity, and availability of the data.

Storage times

Customers' personal data will be stored:

• for the entire duration of the contractual relationship and, subsequently, for the time necessary to fulfill legal obligations (e.g. document and accounting retention);
• for a further 10 years after the end of the relationship, for the purposes of legal protection and for the possible management of disputes and litigation;
• for marketing purposes, until consent is revoked or, in any case, for a maximum period indicated in the consent request, subject to further renewal.

Communication and dissemination of data

Personal data may be communicated to:

• duly authorized and trained internal personnel;
• professionals and consultants (e.g. accountants, lawyers);
• IT service companies, cloud service providers, hosting, information systems management and maintenance;
• credit institutions, payment service companies, debt collection companies;
• public authorities, supervisory and control bodies, where required by law or upon request.

The data will not be disseminated generally. Any transfers to third countries will be carried out in compliance with the provisions of Articles 44 et seq. of the GDPR.

Rights of the interested party

The interested party may exercise the rights provided for in Articles 15-22 of the GDPR (access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and complaint to the Supervisory Authority) by contacting the Data Controller at the contact details indicated.

Updates

This policy may be subject to change. The updated version is always available on the Website or upon request from the Data Controller.

INFORMATION ON THE PROCESSING OF PERSONAL DATA – SUPPLIERS

Elisabet Srl informs its suppliers, both natural and legal persons, that personal data is processed in compliance with Regulation (EU) 2016/679 and applicable national legislation.

Data controller

Elisabet Srl, Via I Maggio, 35 – 63813 Monte Urano (FM), CF and VAT number IT02208680443. Contact details: telephone +39 0734 840019, email (example) privacy@elisabet.it.

Data origin

The data is acquired mainly directly from the supplier, during the negotiation, conclusion and execution of contracts, orders, offers, communications, as well as during the performance of tasks and services.

In some cases, the data may come from third parties (e.g., public databases, commercial information, references), in compliance with the legislation.

Categories of data processed

The data processed includes, by way of example:

• identification and personal data of the natural person supplier;
• contact details (telephone, email, certified email, postal addresses);
• tax, banking and payment data;
• data relating to contracts, orders, deliveries, invoices, performances and services rendered;
• data of any supplier contacts (name, surname, role, professional contact details).

Purpose of the processing

The personal data of suppliers are processed for:

1. management of pre-contractual and contractual relationships (requests for quotation, orders, contracts, execution of supplies, performance management);
2. fulfillment of legal obligations of an accounting, fiscal, administrative and other nature;
3. payment management, as well as any verification, control and audit activities;
4. management of commercial relationships, including for the evaluation and selection of suppliers;
5. protection of the Data Controller's rights in court and management of any complaints or disputes.

Legal basis

The legal bases of the processing are:

• performance of pre-contractual and contractual obligations (Article 6, paragraph 1, letter b) GDPR);
• fulfillment of legal obligations (art. 6, par. 1, letter c) GDPR);
• legitimate interest of the Data Controller (internal organization, supply management, legal protection).

Data provision

Providing the requested data is necessary to manage the contractual relationship and comply with legal requirements. Failure to provide such data may make it impossible to establish or continue the supply relationship.

Methods of processing and storage

Processing is carried out using computer and paper-based tools, in compliance with the principles of security, integrity, and confidentiality, for the time strictly necessary to achieve the purposes indicated above and, in any case, for the legally required periods (e.g., 10 years for accounting documentation).

Data communication

The data may be communicated to:

• authorized internal personnel;
• consultants and professionals (e.g. accountants, lawyers);
• credit institutions, payment service companies;
• auditing firms, supervisory bodies;
• competent authorities, in compliance with legal obligations.

Rights of the interested party

The rights referred to in Articles 15-22 GDPR may be exercised by contacting the Data Controller at the addresses indicated.

Updates

Any updates to the information will be published on the Site or communicated to suppliers using appropriate means.

INFORMATION ON THE PROCESSING OF PERSONAL DATA – APPLICATIONS AND STAFF SELECTION

Elisabet Srl processes the personal data of candidates who submit their CVs or participate in job selection processes, in compliance with Regulation (EU) 2016/679 and national legislation.

Data controller

Elisabet Srl, Via I Maggio, 35 – 63813 Monte Urano (FM), CF and VAT number IT02208680443. Contact details: telephone +39 0734 840019, email (example) hr@elisabet.it.

Origin and nature of the data

Personal data is obtained mainly through:

• spontaneous submission of the CV by the candidate;
• participation in selection processes organized by Elisabet Srl or by appointed companies;
• third-party databases (e.g., recruiting portals, employment agencies) where the candidate has consented to the disclosure of their data.

The data processed generally includes: personal details, contact information, information on educational background, professional experience, skills, any references, and other information included by the candidate in their CV.

Special categories of data

In the CV or other documents, the candidate may also include special categories of data (e.g., data relating to health, trade union membership, religious or political beliefs). Such data will be processed only if strictly necessary for the selection purposes and in compliance with Article 9 of the GDPR, subject to obtaining explicit consent, where required.

However, candidates are advised not to include sensitive information in their CV that is not relevant to the position they are applying for.

Purpose of the processing

Candidates' personal data are processed for:

• evaluate the application and its consistency with open positions;
• manage selection activities (interviews, tests, references);
• any subsequent establishment of an employment or collaboration relationship;
• creation and management of a CV database for future compatible selections.

Legal basis

The legal bases of the processing are:

• execution of pre-contractual measures taken at the candidate's request (Article 6, paragraph 1, letter b) GDPR);
• fulfillment of legal obligations in the field of employment law and related regulations (Article 6, paragraph 1, letter c) GDPR);
• explicit consent, where necessary, for the processing of special categories of data (Article 9 GDPR);
• legitimate interest of the Data Controller in selecting suitable personnel (Article 6, paragraph 1, letter f) GDPR).

Data provision

Providing your data is optional but necessary for evaluating your application. Refusal to provide your data may prevent evaluation and possible selection.

Methods of processing and storage

Data is processed electronically and/or on paper, with appropriate security measures. Resumes received are retained for a maximum of 24 months from the last interaction with the candidate, unless an employment relationship is established or a different legal obligation exists.

Scope of communication

The data may be disclosed to internal personnel involved in the selection processes, to appointed personnel consulting and selection firms, as well as to other parties collaborating with the Data Controller in managing selections, in compliance with the principles of necessity and proportionality.

Candidate's rights

The candidate can exercise the rights provided by the GDPR (access, rectification, erasure, limitation, opposition, portability, complaint to the Guarantor) by contacting the Data Controller.

Updates

This policy may be updated periodically. The updated version is available on the Website or upon request.

INFORMATION ON DATA PROCESSING THROUGH VIDEO SURVEILLANCE

This information is provided pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR") and the Provision of the Italian Data Protection Authority regarding video surveillance (8 April 2010 and subsequent amendments).

Data controller

Elisabet Srl, with registered office in Via I Maggio, 35 – 63813 Monte Urano (FM), Fiscal Code and VAT number IT02208680443, is the Data Controller of the personal data collected through the video surveillance systems installed at its offices.

Types of data processed

The data processed consists of images captured by video surveillance systems installed at company headquarters, internal and external areas, entrances, and transit areas.

Purpose of the processing

The recorded images are processed for the following purposes:

• protection of company assets and prevention of theft, damage, vandalism or other illegal acts;
• protection of the safety of people and property present on company premises;
• possible assessment of liability in the event of harmful or illicit events and support for the competent authorities.

Legal basis

Processing is necessary for the pursuit of the Data Controller's legitimate interest in protecting property and personal safety (Article 6, paragraph 1, letter f) of the GDPR), in compliance with the principles of proportionality and data minimization.

Treatment methods

The images are recorded and stored on protected digital media, with access permitted only to authorized personnel. They are not used for remote monitoring of workers, except to the extent permitted by law (Article 4 of Law 300/1970 and related legislation).

Storage times

Recorded images are retained for a period no longer than 7 days, except for longer periods in the case of particular security needs or at the request of the judicial or police authorities in relation to illegal activities.

Scope of communication

Images may be disclosed to the competent authorities (e.g., law enforcement agencies, judicial authorities) only in the event of unlawful events or upon explicit request.

Rights of interested parties

Interested parties may exercise the rights provided for in Articles 15-22 of the GDPR (to the extent compatible with the nature of the processing) by contacting the Data Controller. Any inability to provide copies of the images may be due to technical reasons (overwriting) or to protect third parties.

Simplified information

In compliance with current regulations, specific information signs have been posted near video-monitored areas to indicate the presence of cameras.