Informativa Privacy - Elica Club
INFORMATION ON THE PROCESSING OF PERSONAL DATA – “ELICA CLUB”
Below is the information on the processing of personal data pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter “GDPR”) related to the registration of the retail outlet to “Elica Club” and its management. For all information regarding Elica Club, please consult the “Elica Club” regulations at https://www.elica.com/IT-it/regolamento-elica-club.
1. Data Controller
Elica S.p.A. – Via Ermanno Casoli, n. 2, 60044 Fabriano (AN), VAT No. AN 00096570429, certified email: elicaspa@sicurezzapostale.it, Phone: +39‑07326101 (hereinafter “Company” or “Controller”).
2. Data Protection Officer
The Company has appointed a Data Protection Officer (“DPO”), who can be contacted at dpo@elica.com.
3. Categories of Personal Data Processed
The Company will process personal data such as, by way of example and not limited to, first name, last name, job title, company affiliation, corporate email, and password (“Data”).
4. Purpose of Processing
The Data will be processed by the Company for the following purposes:
a) To allow the retail outlet to register with Elica Club and enjoy associated benefits, depending on the program they join, governed by specific terms and conditions;
b) Generic marketing: if consent is given, sending commercial communications via email, automated systems, or phone about offers, discounts, promotions, and updates;
c) Profiled marketing: with further consent, profiling through analysis of interests for personalized commercial communications;
d) Research and statistical analysis of aggregate data to guide the Company’s strategic decisions;
e) Protecting the Company’s rights in case of disputes, both in and out of court.
5. Legal Basis
The legal bases for processing include:
- a) execution of precontractual or contractual measures at the request of the data subject (Art. 6(1)(b) GDPR);
- b) and c) consent (Art. 6(1)(a) GDPR);
- d) legitimate interest (Art. 6(1)(f) GDPR);
- e) legitimate interest (Art. 6(1)(f) GDPR).
6. Data Retention Period
Data retention periods are:
- a) Until the retail outlet deletes its account or is inactive for 12 months (with 30 days’ notice prior to deletion);
- b) and c) Until consent is revoked or the relationship ends; records of interactions kept for 5 years;
- d) For as long as needed to achieve the purpose, or until objection; aggregated/anonymous data may still be used;
- e) For the duration of any disputes, until final settlement period ends.
Afterward, Data will be deleted or anonymized, including backups.
7. Data Provision
Providing Data marked with an asterisk (*) is mandatory; refusal or incorrect information will prevent registration. Non-asterisk fields are optional. Consent-based processing is optional and can be revoked at any time. Legitimate-interest processing is also optional, and the data subject may object.
8. Data Recipients
Data may be shared with independent data controllers such as supervisory authorities. Data may be processed by service providers (data processors) such as website maintenance, marketing communications, call centers, and CRM services. A full list is available at privacy@elica.com.
9. Authorized Personnel
Data may be processed by authorized employees who have received GDPR training and instructions (Art. 29 GDPR; legislative decree 196/2003, as amended).
10. Data Transfer
Data is not transferred outside the EU. If it ever is, safeguards under Art. 46 GDPR (e.g., standard contractual clauses) plus any supplementary measures, will be applied.
11. Rights of the Data Subject & Lodging Complaints
The data subject may contact the Company at privacy@elica.com to:
- Access, erase, rectify, supplement, or limit processing (Art. 18 GDPR);
- Request data portability (if automated means are used);
- Object to processing based on legitimate interest;
- Withdraw consent at any time using unsubscribe links or via the reserved area.
The Company may request identification if necessary. The data subject also has the right to file a complaint with the supervisory authority in their EU country of residence, work, or where the alleged violation occurred.
