INFORMATION NOTICE REGARDING THE WEBSITE:

https://www.elesa.com/en/elesab2bstoreno


ELESA SCANDINAVIA AB pursuant to Articles 13 and 14 of EU Regulation 2016/679 (hereinafter "GDPR"), provide hereunder some information relating to the processing of your personal data when you are using the website: https://www.elesa.com/en/elesab2bstoreno (hereinafter also the "Website").

THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Data Controller

ELESA SCANDINAVIA AB, VAT SE556639028101, CRN 556639-0281, which is registered in Sweden, at the address Djupdalsvägen 27, SE-192 51 Sollentuna, e-mail info@elesa.se, telephone +46 8 444 4430 (hereinafter, (hereinafter also “Data Controller” or “Elesa”).

1. Personal Data processed

Through the Site, the Data Controller gather the following kind of data:

  • Navigation data: The information systems and software procedures relied upon to operate the Site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This category of data includes for example browsing data, such as IP address, name and domain of computers in use by the users connecting to the website, URI (Uniform Resource Identifier) address of requested resources, time of the request, method used for request submission to the server, response file dimension, numerical code of server response status (success, error, etc.) and any other parameter related the operating system and the computer environment of the user.

  • Identity and Contact data: by way of example all the information required for the services provision (such as the registration to the Website) and in particular, last name, first name, e-mail address, telephone number, login data (username and password), address, etc;

  • Financial data: e.g. bank account information and payment card details;

  • Purchase Data: e.g. information relating to quotation requests (in particular, company, address, optional telephone number, and selected products) or online purchases of products or services (in particular, delivery address, billing details, and selected product). You can use the Elesa e-commerce platform either as a registered user or as a guest user to make purchases and as a registered user only to request quotations.

  • Location data: For providing you with more precise and useful services, the Controller may ask you to enter your address, your postcode in order to send the purchased products, or simply the country if you want to talk with a call center in order to ask for information.

    Alternatively, and under your previous and explicit consent, your navigation software on the Internet (“Browser”) may share with the Website an approximation of your geographic location through information on wireless access points close to you and on your device’s IP address.

    In both cases, this optional use of personal data is extremely useful for providing you with even more useful Elesa services. If you think that sharing your approximate location through your Browser is invasive, you may withdraw your consent at any time by changing your Browser’s settings (or the settings of your operating system). To receive more information, we invite you to read the specific privacy notice of your Browser.

  • Cookies: set on the Website as further described in the Cookie Policy https://www.elesa.com/en/CatalogoPagineStaticheVarieNO/cookies--1.

More details on data processed are specified in the following paragraph (for each processing purpose).

2. Data processing purposes, legal basis for processing data and data retention period

Elesa collects and uses your data for the following purposes:

“Registration” to the Website and creation of an account:
For the use of certain services offered on the Website, registration may be required. The registration process consists in the completion of an online form in order to set off the log in credentials (username/e-mail and password).

Legal basis: the need to execute a request of the data subject and to pursue contractual obligations (art. 6, par. 1 (b) GDPR).
Please note that data marked with an asterisk (*) in the registration form must be provided in order to put in place and execute the contract and to use the services provided for in the Website (e.g. online sales) therefore, any refusal to provide such data will block the registration on the Website. A refusal to provide data makes these services impossible.		 Data retention period:
Until you delete the account.
Online quotation requests and purchase of products:
The data collection is due to fulfill the quotation request (e.g. name, surname, e-mail, optional telephone number)/purchase (e.g. name, surname, e-mail, billing and shipping addresses, telephone number, payment information) made though the Site, in particular to guarantee the correct quotation/order execution and shipping (and related billing), as well as sending communications to the user regarding his/her quotation requests/transactions.

Legal basis: performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (art. 6, par. 1 (b) GDPR).
Providing your data is compulsory for this purpose:
Quotations requests: Data in the registration form must be provided since the quotation service is available for registered users only; therefore, any refusal to provide such data means it will not be possible for you to request quotations through the Website.
Purchases: Data marked with an asterisk (*) in the data collection form must be provided to be able to put in place and execute the purchasing contract; therefore, any refusal to provide such data means it will not be possible for you to buy through the Website.		 Quotation requests: The Data will be kept until the end of the validity of the quotation and, after termination, for the general limitation period of 10 years.

Purchase: The Data will be kept for the contractual duration (including for example, the term necessary to deliver the products purchased) and, after termination, for the general limitation period of 10 years.
Cart Sharing Service:
This service permits the user, who has added products to the cart, to share it with another person, together with a specific message (created by the user).

Legal basis: it is necessary to process the data entered by the user-sender requesting the sharing of the cart (name and e-mail address, as well as the information contained in the cart and in the message) for the performance of a contract to which the user is a party or in order to take steps adopted at their request prior to entering into a contract (Art. 6, par. 1(b) GDPR).
The recipient's data (i.e. the e-mail address entered by the sender), the consent provided to the sender pursuant to Art. 6, par. 1(a) GDPR.		 The data will be kept for the time necessary to process the request and in any case for a maximum period of 3 years, notwithstanding the need to keep them longer to protect the position of the Data Controller in the event of a dispute or if the law requires it.
Legal obligations:
Fulfillment of obligations or exercise of rights under national or EU law.

Legal basis: the need for compliance with a legal obligation to which the data controller is subject. (art. 6, par. 1 (c) GDPR).
Please note that data provision is mandatory to fulfill legal obligations.		 For the period required by the specific legal obligation set forth by the applicable law.
Sending promotional newsletter:
Sending of promotional communication and contents by e-mail. Personal data is voluntarily submitted by the user by inserting the e-mail address into the relevant form.

Legal basis: Consent (which is optional and can be withdrawn at any time). (art. 6, par. 1 (a) GDPR).
Please note that providing an e-mail address is necessary for the requested service, therefore a refusal to provide this information means it will not be possible to send newsletters.		 Until you unsubscribe from the newsletter through the link at the bottom of every e-mail sent to you or until the consent is withdrawn.
If necessary, to ascertain, exercise and/or safeguard Data Controller rights in legal proceedings:
Personal data processed in order to provide our services may be retained for a longer period as it may be necessary to protect our interests against potential liability related to the provision of the services.

Legal basis: Legitimate interest. (art. 6, par. 1 (f) GDPR).		 In case of judicial litigation, for its entire duration, up to the expiration of the terms for appeal.
“Request technical drawings” service:
Personal data provided by completing the form “Request technical drawings” will be processed for answering to your requests for related services provided by Elesa.

Legal basis: the need to execute a request of the data subject. (art. 6, par. 1 (b) GDPR).
Please note that providing personal data is necessary for the service requested, therefore a refusal to provide this information means it will not be possible to provide you the service.		 The data will be processed for only the time strictly necessary to process the request and subsequently will be destroyed or made anonymous.
Marketing:
Sending business/promotional communication through automatic contact methods (e.g. e-mail, SMS or MMS) and conventional methods (e.g. by post and telephone calls with operators) on Elesa products/services and their partner (without transferring data), customer satisfaction surveys, market research and statistical analyses.

Legal basis: your Consent, which is optional and can be withdrawn at any time. (art. 6, par. 1 (a) GDPR).
Data provisioning for this purpose is optional.		 Until the consent is withdrawn.
Profiling marketing:
Analysis of your products preferences, habits, behaviours and interests through the evidence of your previous purchases and quotation requests or through the use of cookies (browsing analysis, monitoring of selected products and virtual shopping cart) with the aim of sending customised commercial communications/offers/services fitting your requirements.

Legal basis: your consent, which is optional and can be withdrawn at any time. (art. 6, par. 1 (a) GDPR).
Data provisioning for this purpose is optional.		 Until the consent is withdrawn.

In any case, details of your products preferences, habits, behaviours and interests will be deleted every 12 months from the date of collection.
Sending catalogues:
Sending of the catalogue to user who request it by inserting his/her data into the dedicated form.

Legal basis: Execution of the contract involving the data subject. (art. 6, par. 1 (b) GDPR).
Please note that providing personal data is necessary for the requested service, therefore a refusal to provide this information means it will not be possible to send you the catalogues.		 For the duration of the service or until you request to be unsubscribed.
Processing of information and contact requests
Personal data provided for any information requests, for example by completing the “Call me back” and “Contacts” forms, will be processed for the purpose of contacting the user or responding to his/her requests.

Legal basis: the need to execute a request of the data subject. (art. 6, par. 1 (b) GDPR).
Please note that providing personal data is necessary for the service requested, therefore a refusal to provide this information means it will not be possible to contact you or to answer your requests.		 The data will be processed for only the time strictly necessary to process the request and subsequently will be destroyed or made anonymous.
Prevention of abuse/fraud
Navigation data could be used to prevent and detect fraudulent activities or misuse of the Website (for potentially criminal purposes), for ascertaining responsibilities in the potential case of cybercrimes against the Website, allowing the Data Controller to defend themselves in subsequent legal proceedings that may arise.

Legal basis : Legitimate interest. (art. 6, par. 1 (f) GDPR).		 Data will be retained for as long as deemed strictly necessary to fulfill the purposes for which it was collected and until the Data Controller have to keep it in order to defend itself in subsequent legal proceedings that may arise, or communicate this data to Public Authorities, as may be requested.
Website management:
Navigation data is not collected in order to relate it to identified data subjects; however it might allow user identification per se after being processed and matched with data held by third parties
Navigation data is used only to obtain anonymous statistical information on the usage of the Website and to check its correct working.

Legal basis: Legitimate interest. (art. 6, par. 1 (f) GDPR).		 Data are deleted immediately after being processed.
Once the aforementioned retention periods have elapsed, data will be destroyed or made anonymous compatibly with technical erasure and backup procedures.

3. Categories of recipients

Data may be communicated to parties operating as controllers, such as supervisory and regulatory authorities and, more generally, public or private entities, legally authorised to request data.
Data may be processed, on Data Controller’s behalf, by external entities appointed as processors or sub-processor, who are provided with suitable operating instructions, i.e.:

  • hosting providers or e-mail platform/service providers.
  • companies authorized to perform technical maintenance (including maintenance of network equipment and electronic communications networks).
  • companies that provide management services of the Website.
  • companies that provide management services of newsletters
  • companies that provide services requested by users (e.g. request technical drawings).
  • Elesa S.p.A. which provides services to ELESA SCANDINAVIA AB, in particular with regards to the management of the website and marketing.

4. Persons authorised to process personal data

Data may be processed by employees in Controllers’ departments who are responsible for carrying out the activities outlined above, have been authorised to process such data and have received suitable operating instructions.

5. Data transfers to third countries

In case the aforementioned entities are based and operate in countries outside the European Union or the European Economic Area (i.e., transfer of data to "third" countries), where such countries have been deemed adequate by the European Commission the Data Controller will rely on an adequacy decision adopted by the European Commission such as “the data privacy framework” for data transfers to the USA. Where such countries have not been deemed adequate by the European Commission, one of the "transfer tools" referred to in Article 46 of the GDPR, such as standard contractual clauses, will be used.

Data may be processed by employees in Data Controller’s departments who are responsible for carrying out the activities outlined above and have been authorized to process the data and have received suitable operating instructions.

6. Your rights

By contacting the Data Controller via e-mail to info@elesa.se, data subjects may ask at any time to access their personal data, to erase data, to rectify inaccurate data, to integrate incomplete data, to restrict processing in the cases provided for by art. 18 GDPR, as well as to object to processing, for reasons related to their particular situation, in the cases of processing based on legitimate interest of the Data Controller.

The data subject has the right to object where personal data is processed for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

Furthermore, in the case where processing is based on consent or a contract and carried out with automated tools, data subjects have the right to receive the personal data in a structured, commonly used and machine-readable format, and to transmit the data to another data controller without obstruction.

You may always withdraw your consent at a later stage, without prejudice for the processing lawfully carried out before such withdrawal (e.g. for marketing and profiling purposes).

Data subjects have the right to lodge a complaint to the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.
In particular, You have the right to lodge a complaint at any time to the Norwegian Data Protection Authority (DPA).

The contact details of the Norwegian Data Protection Authority are: Datatilsynet (https://www.datatilsynet.no/en/).

We would, however, appreciate the chance to deal with your concerns before you approach the Norwegian Data Protection Authority so please contact us in the first instance.

7. Changes to the privacy policy and your duty to inform us of changes

We reserve the right to amend this privacy policy and will notify you by updating this policy, so please check it from time to time, especially if you have ongoing dealings with us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.