Privacy policy

Notice on the processing of personal data

The company Elba Italy S.p.A. (hereinafter referred to as ‘Elba’ for short, or the ‘Company’) informs you that personal data acquired by browsing this website will be processed in accordance with the law on the protection of personal data.

With reference to the methods for managing and processing the personal data of users that consult this site, under Article 13 EU Regulation No 679/2016, Elba provides the following information:

1. Types of data collected, purposes and legal basis for processing

Navigation data

The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the users’ terminals that connect to the site, the MAC (Media Access Control) addresses, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning, and is deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical computer crimes against the site. The legal basis that legitimises the processing of personal data for this purpose is to be found in the hypothesis provided for in article 6(1)(b) of EU Regulation No. 679/2016, (1)(b) of EU Regulation No. 679/2016, i.e. to enable the user to benefit from the requested service. The same data may also be used to fulfil legal obligations or requests by judicial authorities. The legal basis that legitimises the processing of personal data for this purpose is to be found in the hypothesis provided for in article 6(1)(b) of EU Regulation No. 679/2016, (1)(C) of EU Regulation No. 679/2016 i.e. because the processing is necessary for compliance with a legal obligation to which the data controller is subject

Data provided voluntarily by the user

Following the voluntary sending of e-mail messages to the e-mail addresses on the site, Elba may process the sender’s e-mail address and any further personal data contained in the message, in order to respond, again by e-mail, to requests made by the user. The legal basis that legitimises the processing of personal data for this purpose is to be found in the hypothesis provided for in article 6(1)(b) of EU Regulation No. 679/2016, i.e. insofar as the requested service is provided to the user. The same data may also be used to fulfil legal obligations or requests by judicial authorities. The legal basis that legitimises the processing of personal data for this purpose is to be found in the hypothesis provided for in article 6(1)(b) of EU Regulation No. 679/2016, (1)(C) of EU Regulation No. 679/2016 i.e. because the processing is necessary for compliance with a legal obligation to which the data controller is subject

The interested party is requested not to enter or send through the tools on the site “particular categories of personal data”, “biometric data”, “genetic data”, “data relating to health”, “data relating to criminal offences or convictions” as defined by current legislation.

These data, if provided by the data subject, will be immediately deleted.

Cookies

The site uses technical cookies (session and navigation cookies), to ensure normal navigation and use of the website (allowing, for example, authentication to access restricted areas).
The site also uses third-party analytical cookies (with reduced identification potential) in order to monitor users’ use of the site for web platform optimisation and statistical (analytical) purposes. For all information on the processing of personal data by means of cookies, please refer to the extended cookie policy, which can be found on every page of the portal.

2. Data retention period

Personal data collected and processed as a result of browsing this site will be retained for as long as the service is provided and in any case deleted or anonymised within 7 days. Personal data sent autonomously by users through the tools on the site will be deleted after providing the requested service or responding to them, and in any case within a maximum of 15 days from the completion of this activity, except for those required to comply with tax, accounting and administrative regulations or to fulfil other legal obligations and to document the activities performed.

3. Methods of processing

The personal data collected will be processed, stored and processed by electronic means and will be stored both on computer media and on paper, organised in databases, and on any other suitable media.

Specific security measures are observed to prevent loss of data, unlawful or incorrect use and unauthorised access.

Elba’s processing of personal data does not involve any automated decision-making processes.

4. Communication of personal data

The communication of navigation data is a necessary requirement for the provision of the requested service (site navigation) and therefore obligatory for this purpose: failure to communicate personal data on the part of the person concerned will make it impossible for Elba to allow navigation on this site. Disclosure of data for further purposes is optional: failure to disclose data in such cases will have no consequences for the data subject, but may result in the impossibility of providing the user with the requested response.

5. Persons to whom personal data may be disclosed

The personal data collected will not be disclosed and may be communicated, in addition to the subjects whose right and interest in accessing your personal data is recognised by law or secondary and/or EU regulations, to authorised personnel within the Data Controller, as well as to companies, associations or professional firms that provide services and activities on behalf of the Data Controller in their capacity as Data Processor for the fulfilment of legal obligations, as well as for any organisational and administrative requirements necessary to provide the services requested.
The names of further persons who may become aware of your personal data in their capacity as ‘data processors’ are set out in an up-to-date list available from Elba (to be obtained from the contact details given in Section 9).

6. Transfer of data abroad or to international organisations

Elba does not transfer the personal data of data subjects collected through this site and the tools provided therein abroad or to international organisations.

7. Links to websites or services of third parties

This information is provided only for the processing of personal data carried out through this site or the tools provided by it, and not for other websites that may be consulted by the user through links, whose operators operate as autonomous data controllers. Users are therefore invited to read their privacy policies carefully before accessing the services of third parties.

8. Rights of the data subject

In relation to the aforementioned processing of personal data, the data subject is entitled to exercise at any time the rights provided for in EU Regulation No. 679/2016, including, for example, to obtain, within 30 days of the request, the indication:

  • of the origin of the personal data;
  • of the purposes and methods of the processing;
  • of the logic applied in the event of processing carried out with the aid of electronic instruments;
  • of the identification details of the Data Controller, the data processors and the designated representative.

The data subject is also entitled to obtain within the same 30-day period

  • the access, the update, rectification or, where interested, integration the data;
  • the cancellation, transformation into anonymous form or blocking of data processed in breach of the law;
  • the restriction of the processing of data concerning him/her, i.e. to ask the controller or processor to restrict the purposes or means by which his/her data are processed.

The data subject may also request a copy of his or her data in a standardised format (‘Right to data portability’).

The data subject, finally, has the right to object at any time and without cost, in whole or in part:

  • on legitimate grounds to the processing of personal data concerning him or her, even if pertinent to the purpose of collection;
  • to the processing of personal data concerning him or her carried out pursuant to Article 6(1)(e) GDPR, (“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”) or f. (“processing is necessary for the purposes of the legitimate interests of the controller or a third party”) including profiling on the basis of those provisions.
  • to the processing of personal data concerning him or her for the purposes of sending advertising materials or direct sales or for the performance of market research or commercial communication (direct marketing), including profiling insofar as it is related thereto.

The data subject has the right to withdraw his or her consent to the processing, when this is based on the assumption provided for in Article 6(1)(a). (when “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”), or Article 9(2)(a) (when “the data subject has given his or her explicit consent to the processing of such personal data for one or more specific purposes”) of EU Regulation 679/2016, at any time without affecting the lawfulness of the processing based on the consent given before the revocation.

If the data subject considers that processing concerning him or her is in breach of the legislation in force, he or she has the right to lodge a complaint with a supervisory authority, namely in the Member State where he or she normally resides, works or where the alleged breach has occurred. The Italian Regulatory Authority can be reached at the contact details on the its website.

9. Data controller – Contact details

The Data Controller is Elba Italy S.p.A., Via Fabian Matteo, n.7 31030 Borso del Grappa (TV), VAT no. IT03295340263. The Company may also be contacted at the e-mail address info@elba-cookers.it and the PEC address elbaitalyspa@legalmail.it.

To exercise the rights listed above, the person concerned may make a request using the info@elba-cookers.it e-mail account.

Elba reserves the right to update this notice on the processing of personal data.

10. Data Protection Officer

The Haier Europe Group, of which Elba Italy S.p.A. is a part, has appointed a Data Protection Officer (also known as “DPO” or “Data Protection Officer”), who can be contacted by data subjects for all matters relating to the processing of their personal data and the exercise of their rights arising there from.

The designated Data Protection Officer can be reached at the following address: dpo@candy-group.com.