PRIVACY POLICY AND INFORMATION NOTICE REGARDING THE WEBSITE:

https://www.elesa.com/en/elesab2bstoreuk

ELESA (UK) LTD pursuant to Articles 13 and 14 of the retained EU General Data Protection Regulation 2016/679 (hereinafter “EU GDPR”) and the Data Protection Act 2018 provides hereunder some information relating to the processing of your personal data when you are using the website: https://www.elesa.com/en/elesab2bstoreuk (hereinafter also the “Site”). This privacy policy aims to give you information on how Elesa collects and processes your personal data through your use of the Site, including any data you may provide through the Site when you sign up to a newsletter or purchase a product or service.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

1. Contact details of the Controller

Full name of legal entity: ELESA (UK) LTD

Email address: privacy@elesa.co.uk

Postal address: 26 Moorlands Estate LN4 3HX Metheringham, Lincolnshire - UK

[Telephone number:] +44 (0) 1526 322670

(hereinafter also “Controller” or “Elesa” or “we” or “us”).

We have appointed a [data protection officer (DPO) OR data privacy manager] who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the [DPO OR data privacy manager] using the details set out below.

You have the right to lodge a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

2. Personal Data processed

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Through the Site, the Controller gather the following kind of data:

  • Navigation data: The information systems and software procedures relied upon to operate the Site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This category of data includes for example browsing data, such as IP address, name and domain of computers in use by the users connecting to the website, URI (Uniform Resource Identifier) address of requested resources, time of the request, method used for request submission to the server, response file dimension, numerical code of server response status (success, error, etc.) and any other parameter related the operating system and the computer environment of the user.

  • Identity and Contact data: e.g. last name, first name, e-mail address, telephone number, login data (username and password);

  • Financial data: e.g. bank account information and payment card details;

  • Purchase Data: e.g. data related to online purchases of products or services.

  • Location data: For providing you with more precise and useful services, the Controller may ask you to enter your address, your postcode in order to send the purchased products, or simply the country if you want to talk with a call center in order to ask for information.

    Alternatively, and under your previous and explicit consent, your navigation software on Internet ("Browser") may share with the Site an approximation of your geographic location through information on wireless access points close to you and on your device IP address.

    In both cases, this optional use of personal data is extremely useful for providing you with even more useful Elesa services. If you think that sharing your approximate location through your Browser is invasive, you may revoke your consent at any time by changing your Browser's settings (or the settings of your operating system). To have more information we invite you to read the specific privacy notice of your Browser.

  • Cookies: set on the Site as further described in the Cookie Policy (https://www.elesa.com/en/elesab2bstoreuk/cookies--1)

3. Data processing purposes, legal basis for processing data and data retention period

We collect and use your data for the following purposes:

3.1 "Registration" to the Site and creation of an account:

Despite browsing on the Site is free, it is possible to take advantage of some of the online servicesonly after having logged into the customer area. The registration process consists in the completion of an online form in order to set up the log in credentials (username/e-mail and password).

Legal basis: the need to execute a request of the data subject and to pursue contractual obligations.

Please note that data marked with an asterisk (*) in the registration form must be provided in order to put in place and execute the contract; therefore, any refusal to provide such data will block the registration on the Site. A refusal to provide data makes these services impossible.

Data retention period:

3.1 Until you delete the account.

3.2 Legal obligations:

Fulfillment of obligations or exercise of rights under national or UK law.

Legal basis: the need for compliance with a legal obligation to which the controller is subject.

Please note that data provision is mandatory to fulfill legal obligations.

3.2 For the period required by the specific legal obligation set forth by the applicable law.

3.3 Sending promotional newsletter:

Sending of promotional communication and contents by e-mail. Personal data is voluntarily submitted by the user by inserting the e-mail address into the relevant form.

Legal basis: Consent (which is optional and can be withdrawn at any time).

Please note that providing an e-mail address is necessary for the requested service, therefore a refusal to provide this information means it will not be possible to send newsletters.

3.3 Until you unsubscribe from the newsletter through the link at the bottom of every e-mail sent to you or until the consent is withdrawn.

3.4 Sending catalogues:

Sending of our catalogue to a user who requests it by inserting his/her data into the dedicated form.

Legal basis: Execution of the contract involving the data subject.

Please note that providing personal data is necessary for the requested service, therefore a refusal to provide this information means it will not be possible to send you our catalogues.

3.4 For the duration of the service or until you request to be unsubscribed.

3.5 Online purchase of products:

The data collection (name, surname, e-mail, billing and shipping addresses, telephone number, payment information) is due to fulfill the purchasing made though the Site, in particular to guarantee the correct order execution and shipping (and related billing), as well as sending communications to the user regarding his/her transactions.

Legal basis: the need to execute a request of the data subject and to pursue contractual obligations.

Providing your data is compulsory for this purpose. A refusal to provide data means it will not be possible for you to buy through our Site.

Data marked with an asterisk (*) in the data collection form must be provided to be able to put in place and execute the contract; therefore, any refusal to provide such data will block the use of this service.

3.5 Contractual duration (including for example, the term necessary to deliver the products purchased) and, after termination, for the ordinary limitation period of 10 years.

3.6 If necessary, to ascertain, exercise and/or safeguard Controller rights in legal proceedings:

Personal data processed in order to provide our services may be retained for a longer period as it may be necessary to protect our interests against potential liability related to the provision of the services.

Legal basis: Legitimate interest.

3.6 In case of judicial litigation, for its entire duration, up to the expiration of the terms for appeal.

3.7 Requests for information or contact and "Request for technical drawings" service:

Personal data provided to request information, contact or technical drawings service will be processed to contact you or for answering to your requests for information about Elesa and/or its products/services.

Legal basis: the need to execute a request of the data subject.

Please note that providing personal data is necessary for the service requested, therefore a refusal to provide this information means it will not be possible to contact you.

3.7 The data will be processed for only the time strictly necessary to process the request and subsequently will be destroyed or made anonymous.

3.8 Marketing:

Sending business/promotional communication through automatic contact methods (e.g. e-mail, SMS or MMS) and conventional methods (e.g. by post and telephone calls with operators) on Elesa products/services and their partner (without transferring data), customer satisfaction surveys, market research and statistical analyses;

Legal basis: your Consent, which is optional and can be withdrawn at any time.

Data provisioning for this purpose is optional.

3.8 Until revocation of the consent

Details of purchases: 24 months from the date of data collection

3.9 Profiling marketing:

Analysis of your purchasing preferences, habits, behaviors and interests through the evidences of your previous purchases or through the use of cookies (browsing analysis, monitoring of selected products and virtual shopping cart) with the aim of sending customised commercial communications/offers/services fitting your requirements.

Legal basis: your consent, which is optional and can be withdrawn at any time.

Data provisioning for this purpose is optional.

3.9 Until revocation of the consent

Details of purchases: 12 months from the date of data collection

3.10 Prevention of abuse/fraud

Navigation data could be used to prevent and detect fraudulent activities or misuse of the Site (for potentially criminal purposes), for ascertaining responsibilities in the potential case of cybercrimes against the Site, allowing the Controller to defend themselves in subsequent legal proceedings that may arise.

Legal basis: Legitimate interest.

3.10 Data will be retained for as long as deemed strictly necessary to fulfil the purposes for which it was collected and until the Controller have to keep it in order to defend themselves in subsequent legal proceedings that may arise, or communicate this data to Public Authorities, as may be requested.

3.11 Site management

Navigation data is not collected in order to relate it to identified data subjects, however it might allow user identification per se after being processed and matched with data held by third parties.

Navigation data is used only to obtain anonymous statistical information on the usage of the Site and to check its correct working.

Legal basis: Legitimate interest.

3.11 Data are deleted immediately after being processed.

3.12 Cart Sharing Service

This service permits the user, who has added products to the cart, to share it with another person, together with a specific message (created by the user).

Legal basis: it is necessary to process the data entered by the user-sender requesting the sharing of the cart (name and e-mail address, as well as the information contained in the cart and in the message) for the performance of a contract to which the user is a party or in order to take steps adopted at their request prior to entering into a contract.

The recipient's data (i.e. the e-mail address entered by the sender), the legitimate interests (interest in correctly carrying out the sender's request and providing the service).

The data will be kept for the time necessary to process the request and in any case for a maximum period of 3 years, notwithstanding the need to keep them longer to protect the position of the Data Controller in the event of a dispute or if the law requires it.

Once the aforementioned retention periods have elapsed, data will be destroyed or made anonymous compatibly with technical erasure and backup procedures.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. Categories of recipients

Data may be communicated to parties operating as controllers, such as supervisory and regulatory authorities and, more generally, public or private entities, legally authorised to request data.

Data may be processed, on Controllers’ behalf, by external entities appointed as processors, who are provided with suitable operating instructions such as for example:

  • hosting providers or e-mail platform/service providers;
  • companies authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks);
  • companies that provide management services of the Site

5. Persons authorised to process personal data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Data may be processed by employees in Controllers’ departments who are responsible for carrying out the activities outlined above, have been authorised to process such data and have received suitable operating instructions.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

6. Your rights

By contacting the Controller at via e-mail to (privacy@elesa.co.uk), data subjects may ask at any time to access his/her personal data, to erase data, to rectify inaccurate data, to integrate incomplete data, to restrict processing in the cases provided for by art. 18 EU GDPR, as well as to object to processing, for reasons related to his or her particular situation, in the cases of processing based on legitimate interest of the Controller.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

The data subject has the right to object where personal data is processed for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

Furthermore, in the case where processing is based on consent or a contract and carried out with automated tools, data subjects have the right to receive the personal data in a structured, commonly used and machine-readable format, and to transmit the data to another data controller without obstruction.

You may always withdraw your consent at a later stage, without prejudice for the processing lawfully carried out before such withdrawal (e.g. for marketing and profiling purposes).

Data subjects have the right to lodge a complaint to the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.

7. Changes to the privacy policy and your duty to inform us of changes

We reserve the right to amend this privacy policy and will notify you by updating this policy, so please check it from time to time, especially if you have ongoing dealings with us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.