© Eliantus Corporation srl - Via Quintino Sella, 20 - 00187 Rome (Italy) - VAT / Tax Code: 16926501004 - N. Rea RM-1684378
Tel.: +39 0697606170
Terms and Conditions
Dear User,
pursuant to EU Regulation 2016/679 ("GDPR") regarding the protection of natural persons with regard to the processing of personal data, we wish to inform you that the personal data sent at the time of registration and/or purchase, as well as those obtained from visits and navigation on our Site, are processed lawfully, fairly, and transparently. This information notice is provided pursuant to and for the purposes of art. 13 GDPR.
DATA CONTROLLER
The data controller is Eliantus Corporation srl, VAT no. IT 16926501004 with registered office in Rome, 00187, Italy, via Quintino Sella, 20, which may appoint one or more data processors who operate under its direct authority based on the instructions received. Any communication relating to the processing of personal data for the exercise of the data subject's rights may be sent to the same controller by e-mail at info@eliantuscorporation.com
DATA PROTECTION OFFICER (DPO)
In order to provide the best possible service, including in terms of personal data protection, Eliantus Corporation srl. has appointed a Data Protection Officer (DPO).
LEGAL BASIS OF PROCESSING
The processing of personal data by l'Eliantus Corporation srl takes place when:
a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
b) the processing is necessary for the execution of a contract for the sale of products and/or services to which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same;
c) the processing is necessary to comply with a legal obligation to which the data controller is subject;
e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) the processing is necessary for the pursuit of the legitimate interest of the data controller or of third parties, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
PURPOSE OF THE PROCESSING
The personal data provided voluntarily are processed for the following purposes:
a) to register on the site and purchase products / services;
b) to allow the use of services reserved for registered users accessible from the Customer Area, aimed at better management of the relationship with the Customer;
c) for the management of the contractual relationship;
d) to verify the quality of the services provided and/or offer after-sales services;
e) to register for events advertised on the website and/or in the Reserved Area (seminars, webinars, etc.) and for the consequent management of related organizational and administrative requirements;
f) to send, via email, responses regarding our products and services;
g) to process statistics in anonymous form (e.g. to evaluate the number of accesses to the Eliantus Corporation srl website);
h) to carry out promotional activities on products and/or services of the data controller, using automated tools (in particular via email) and/or non-automated tools (telephone with operator or paper mail). In these cases, the user may always freely modify their consent, in whole or in part, by sending an email to info@eliantuscorporationsrl.com;
i) for personnel selection purposes through the dedicated Page of the site;
j) for the purposes of IT security, the data controller, also through its suppliers (third parties and/or recipients), processes the data subject's personal data relating to traffic to the extent strictly necessary and proportionate to ensure the security of networks and information, that is, the ability of a network or an information system to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity, or confidentiality of personal data stored or transmitted. The data controller will promptly inform the data subjects if there is a particular risk of violation of their data;
k) for the prevention of fraud, the data subject's personal data will be processed to allow checks for the purpose of monitoring and preventing fraudulent payments, by software systems that carry out an automated verification prior to the negotiation of services and/or products. Failing these checks will result in the impossibility of carrying out the transaction; the data subject may in any case obtain an explanation or contest the decision by providing their reasons by contacting the data controller at the e-mail address info@eliantuscorporation.com;
Personal data collected solely for anti-fraud purposes, unlike data necessary for the proper execution of the requested service, will be immediately deleted at the end of the control phases;
l) to comply with legal obligations and measures of the competent Authorities.
METHODS OF PROCESSING
Personal data are processed mainly with automated and electronic tools, for the time strictly necessary to achieve the purposes for which they were collected. In particular, the processing of personal data may involve: collection, recording, organization, storage, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication and dissemination, deletion and destruction, and any other operation useful for the provision of the requested services, including communication to third parties, where necessary. Such data may also be organized in databases or archives. Specific security measures are adopted by Eliantus Corporation srl to prevent the violation of personal data, namely loss, unlawful or improper use of such data, and unauthorized access, in order to allow processing only by persons in charge or appointed managers in accordance with the law. The acquired personal data are stored on electronic media, kept and archived on servers owned by Aromi Divini di Oksana Loboda, located in the European Community, managed in a protected environment with controlled access.
Adequate security measures are adopted by Eliantus Corporation srl in order to preserve the confidentiality, integrity, and availability of the data subject's personal data and to prevent its accidental or unlawful breach.
Eliantus Corporation srl imposes similar adequate security measures on third-party suppliers and Data Processors.
RIGHTS OF THE DATA SUBJECT
Data subjects have at any time:
1. Right of Access: the right to obtain confirmation of the existence or otherwise of one's personal data and to know its content, origin, and to verify its accuracy;
2. Right of Rectification: the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement;
3. Right to Erasure (right to be forgotten). The right to obtain from the data controller the erasure of personal data concerning you without undue delay, if one of the following reasons applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
c) the data subject objects to the processing and there is no overriding legitimate reason to proceed with the processing;
d) the personal data have been processed unlawfully;
e) personal data must be deleted to comply with a legal obligation provided for by Union law or the law of the Member State to which the data controller is subject;
f) the personal data have been collected in relation to the offer of information society services to minors.
4. Right to Restriction of Processing. Right to obtain from the data controller the restriction of processing when one of the following situations occurs:
a) the data subject contests the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead that its use be restricted;
c) although the data controller no longer needs them for processing purposes, the personal data are necessary for the data subject for the establishment, exercise or defense of a right in court;
d) if the data subject has objected to the processing, pending verification as to whether the legitimate grounds of the data controller override those of the data subject.
5. Right to Data Portability. Right to obtain the direct transmission of personal data from one data controller to another, if technically feasible. Right to receive personal data provided in a structured, commonly used, and machine-readable format and the right to transmit such data to another data controller without hindrance from the data controller to whom they were provided if:
a) the processing is based on consent or on a contract;
b) the processing is carried out by automated means.
6. Right of Objection: the right to object to the processing of personal data when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, or is necessary for the pursuit of the legitimate interests of the data controller or third parties, including profiling based on such needs. If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling to the extent that it is related to such direct marketing.
7. Right to lodge a complaint with the Supervisory Authority.
Requests for the exercise of such rights should be addressed to:
- via e-mail, at the address info@eliantuscrporation.com,
- by ordinary mail to the physical address of the Data Controller.
TYPE OF DATA
Data provided voluntarily by the data subject.
The optional, explicit, and voluntary submission of personal data (name, surname, physical address, nationality, province and municipality of residence, landline and/or mobile phone, fax, tax code, email address(es)) and banking data (IBAN and bank/postal details) to the addresses indicated on this site entails their subsequent processing by the data controller.
In the event that the user enters or otherwise processes data of third parties, they hereby guarantee, assuming all related responsibility, that they have previously provided them with the information contained in this notice and have obtained their consent to the processing if required by the specific case.
In the event that the user sends personal data that is not necessary for the purposes of the requested service, Eliantus Corporation srl will immediately delete such data and promptly inform the data subject. Specific summary information is provided or displayed on the pages of the site prepared for on-demand services, in order to draw the data subject's attention to the processing of their personal data.
OPTIONAL NATURE OF DATA PROVISION
With the exception of navigation data, providing data is optional. However, failure to provide, even partially, such data may make it impossible to execute the contract, preventing the provision of the service that is its subject, as well as precluding the continuation of the relationship with Eliantus Corporation srl.
SCOPE OF DATA COMMUNICATION AND DISCLOSURE
The data is stored and collected in the company database of Eliantus Corporation srl and recorded in such a way as to allow access only to those expressly appointed and authorized for this purpose.
The communication of the data subject's personal data takes place to third parties and/or recipients whose activity is necessary for carrying out activities related to the contractual relationship established with the data subject and to comply with certain legal obligations, such as:
a) third-party providers for the provision of services (assistance, maintenance, delivery/shipping of products, provision of additional services, providers of electronic communication networks and services) related to the requested service;
b) credit and digital payment institutions, banking/postal institutions for the management of collections, payments, refunds related to the contractual service;
c) professionals and external consultants and/or consulting firms for the fulfillment of legal obligations, exercise of rights, protection of contractual rights, debt collection;
d) financial administration, public bodies, judicial authorities, supervisory and control authorities for the fulfillment of legal obligations, defense of rights, lists and registers kept by public authorities or similar bodies based on specific regulations, in relation to the contractual service;
e) subjects formally delegated or having a legally recognized title such as legal representatives, curators, guardians, etc.
f) associated, controlled, affiliated companies of Aromi Divini by Oksana Loboda or the legal entity that succeeds Aromi Divini by Oksana Loboda as a result of a business transfer, transformation or merger;
g) companies that conduct surveys regarding customer satisfaction, where the data subject has given the necessary specific consent.
Eliantus Corporation srl requires its third-party suppliers and appointed Data Processors to comply with security measures equal to those adopted for the data subject.
Eliantus Corporation srl does not transfer the personal data for which it is the data controller to countries where the GDPR is not applied.
STORAGE OF PERSONAL DATA
Users' personal data will be retained only for the time necessary to ensure the proper provision of the services requested and offered through the site.
In particular, they will be retained for the entire duration of your registration and, in any case, for no longer than a maximum period of 12 (twelve) months of inactivity or if, within this period, no services are associated and/or products are purchased using the registration itself.
In the case of data provided to the controller for the purpose of commercial promotion for services other than those already acquired by the data subject, for which consent was initially given, such data will be retained for 24 months, unless the consent given is revoked.
Regardless of the data subject's request for their removal, personal data will in any case be retained according to the terms established by current legislation and/or national regulations, for the sole purpose of ensuring specific obligations related to certain services (by way of example but not limited to, Certified Electronic Mail, Digital Signature, Substitute Storage).
Personal data will in any case be retained for the fulfillment of obligations (e.g. tax and accounting) that remain even after the termination of the contract (art. 2220 c.c.) and for these purposes the data controller will retain only the data necessary for the relevant pursuit.
Exceptions are made in cases where it is necessary to assert in court the rights deriving from the contract and/or from registration, in which case the data subject's personal data, exclusively those necessary for such purposes, will be processed for the time strictly necessary to achieve them.
INFORMATION SECURITY
All information collected on the site is stored and maintained in secure facilities that limit access exclusively to authorized personnel. The website is regularly monitored to check for any security breaches and to ensure that all collected information is safe from those who intend to view it without authorization.
Eliantus Corporation srl implements all security measures described by applicable laws and regulations and all appropriate measures according to the most advanced current standards, to ensure and guarantee the confidentiality of users' personal data, and to minimize, as much as possible, the risks arising from their violation.
This information notice is updated as of January 1, 2023.