This policy is written in accordance with the General Data Protection Regulation (GDPR) 2018 and applies to all pages hosted on this site and other services ERA K.I. runs.
WHO WE ARE
ERA K.I. SRL (P.IVA 10190260967) has its registered office in Via Andrea Ponti 15, 20143 Milano, Italy and is to be considered the Controller under the definition given by the General Data Protection Regulation (GDPR), Art. 4.
The categories of personal data that ERA K.I. collects and processes when the user browses or purchases products through our services are as follows:
a) personal data necessary to provide the services required on or to execute the purchase contract for goods offered on , such as name and surname, e-mail address, shipping address, billing address, telephone and payment details;
b) e-mail address when signing up for our newsletter service;
c) personal data provided when contacting any of our service to provide the assistance requested;
d) upon the user consent, we collect and use personal data for marketing purposes;
e) with the express consent, by analyzing the user personal data we can process information regarding interests and preferences with respect to our products and services in order to present proposals and offers in line with the user tastes. In case of authentication through external social networks, we collect the data necessary for registration/authentication through those aforementioned social networks. We also collect information from third parties and, in particular, from Facebook, Google+, Instagram and Twitter. This information includes the following data categories: e-mail address.
f) information about browsing on such as the pages visited and how the user interacts with the single page.
g) ERA K.I. does not process personal data relating to minors. When accessing and using the services offered by , the user declares that he/she is of legal age.
h) if and when creating a personal profile, we offer the possibility to use the following services:
• Orders: follow the shipment of the orders, change or return items and see the order history.
• Addresses: billing address and shipping address.
• Account details: manage the registration data.
With the express consent, we will customize the experience and the contents of commercial communications and offers visible when browsing on as a registered user. Personalization is made possible by the analysis of personal data in our possession, described in this paragraph.
We process personal data only in the presence of one of the conditions provided for by the law in force (Art. 6 GDPR), and specifically:
a) for the execution of a contract.
When processing data for the conclusion of the purchase agreement of which the user is a part, we ensure that we only use the minimum information necessary for the execution of it. This basis legitimizes the processing of personal data that takes place in the following activities:
- execution of a purchase agreement for the products and services offered on ;
- registration on the website and use of services reserved for registered users;
- provision of services offered on ;
- management of requests by our customer care.
b) to comply with a legal obligation.
In the event of conclusion of an agreement for the purchase of goods or services on , the processing of the user's data will take place in order to fulfill the legal obligations to which ERA K.I. complies with in accordance with the tax provisions and other regulations to which we are subject. Users are free to decide whether to conclude an agreement and whether or not to disclose their data, but if they decide to conclude it, their data will be necessary and will be processed to effect the aforementioned legal obligations to which ERA K.I. is required.
c) for our legitimate interest.
If and when purchasing products on by credit or debit card, some of the personal data may be processed to carry out anti-fraud activities: we have a legitimate interest in carrying out this activity to prevent and pursue any fraudulent activity.
d) based on your consent.
The following processing will be carried out only upon express consent:
- carrying out marketing activities and market research;
- analysis of the browsing and consumption habits in the use of the personal profile, in order to personalize the experience on our site;
- sending promotional messages and deliver advertisements about products, services, programs or events that may be of interest to the user;
- subscription to our newsletter;
- delivering news, updates and other types of communications, according to the user subscriptions, alerts and other preferences.
Providing personal data for these activities is absolutely optional.
WHO PROCESSES THE DATA
Personal data is processed by personnel duly authorized by ERA K.I. as data Controller.
For organizational and functional needs related to the provision of services on , data could also be processed by our suppliers or by our IT assistants.
Some of these subjects may also be based in non-EU countries and, in these cases, the transfer of personal data in these countries is carried out in compliance with the guarantees provided by law. Specifically, they offer an adequate level of data protection, as established by specific decisions of the European Commission.
HOW LONG WE KEEP THE DATA
We keep personal data for a limited period of time, which is different depending on the type of activity that involves the processing of personal data. After this period, data will be permanently erased or otherwise rendered anonymous in an irreversible way.
Personal data is stored in compliance with the following terms and criteria:
a) data collected to conclude and execute agreements for the purchase of goods or to make use of our services on : until the administrative and accounting formalities have been completed. The billing data will be kept for 10 years from the billing date;
b) data of registered user: the data will be stored until requested to eliminate the personal profile;
c) data relating to the payment: up to the certification of the payment and the conclusion of the related administrative and accounting formalities resulting from the expiration of the right of withdrawal and the terms applied for the contestation of the payment;
d) data collected in the context of the use of services offered to the user: these data are retained until the termination of service or cancellation of the subscription to the service by the user;
e) data related to user requests to our customer care: the data useful to assist the user will be kept until the request is met;
f) data used for commercial communication activities towards users who purchase products on : this data is kept until the termination of service or the exercise of the opposition by unsubscription by the user;
g) data provided for commercial communications activities and market research: up to the request by the user to interrupt the activity and in any case within 2 years from the last interaction of any kind of user with us;
h) data used to personalize the site and to show customized commercial offers: as long as the user does not request the termination of the activity and in any case within 2 years from the last interaction of any kind of user with us;
i) data used for carrying out market research and surveys for the detection of satisfaction: as long as the user does not request the termination of the activity.
In any case, for technical reasons, the termination of the processing and the subsequent cancellation or irreversible anonymization of the related personal data will be final within 30 days of the terms indicated above.
The exercise of the rights provided for by the GDPR, Art. 15-21, is guaranteed at any time with reference to the specific processing of personal data by ERA K.I.. Below is their general description and how to practice them.
a) Access personal data and modify it: right to access personal data and to request that it be correct, modified or integrated with other information. Upon request, we will provide with a copy of personal data in our possession.
b) Revoke the consent: the consent given for the processing of personal data in relation to any activity for marketing purposes is revocable at any time. Once we receive the request, it will be our duty to promptly cease to process personal data based on this consent, while different processing or that which is based on other assumptions will continue to be carried out in full compliance with the provisions in force.
c) Opposition to the processing of data: the right to object at any time to the processing of personal data made on the basis of our legitimate interest is guaranteed, explaining the reasons that justify the request.
d) Delete the data: the cancellation of personal data may be requested in the cases provided for by current legislation.
e) Request of restriction of the processing: in this case, we will continue to keep personal data but will not process it, unless it is subject to a different request and the exceptions established by law. Processing of personal data can be limited when the user disputes the accuracy of personal data, when the processing is illegal but the user opposes the cancellation of the data, when we no longer need the personal data but the user needs to exercise a right in court and when the user opposes the processing, in the period in which we evaluate the reasons for the request.
f) Request of data transfer to other party than ERA K.I. ("right to data portability"): the user can ask to receive the data that we process based on his/her consent or on the basis of an agreement in a standard format. Upon request, where technically possible, we may transfer the data directly to a third party promptly indicated.
In order to exercise the rights described above, contact us by sending us an e-mail at firstname.lastname@example.org or by writing to the address of the data controller above.
If you believe that the processing of your personal data has been carried out illegally, you can file a complaint with one of the supervisory authorities responsible for compliance with the rules on personal data protection. For a complete list of the Data Protection Authorities of every EU member, please visit the European Data Protection Board at https://edpb.europa.eu/.
In Italy, the complaint can be presented to the Italian Data Protection Authority. More information on the presentation methods are available on the website of the Italian Data Protection Authority, at http://www.garanteprivacy.it./