Privacy Policy of www.elisalancishop.com
Last updated: [22/11/2025]
With this Privacy Policy, the data controller, as defined below, wishes to provide users and visitors of the website www.elisalancishop.com ("Website") with all information regarding the purposes for which it collects and processes their personal data, the categories of personal data processed, the rights granted to users and visitors of the Website pursuant to Regulation (EU) No. 679/2016 ("GDPR") and national legislation on data protection (collectively, "Privacy Legislation"), and how the user and visitor of the Website can exercise these rights. This Privacy Policy also aims to allow users and visitors of the Website to knowingly give consent to the processing of their personal data, where necessary according to Privacy Legislation.
This document can be printed using the print command available in any browser's settings.
1. Data Controller
LADY SHOES SRL, CORSO ATELLANO 51/53, 81030 SANT'ARPINO (CE) - IT, Italy, email: lady-shoes@virgilio.it, is the data controller for user/visitor data collected through the Website ("Controller" or "Elisalanci").
Controller's email address: lady-shoes@virgilio.it
2. Types of Data Collected
Among the personal data of users/visitors that the Controller collects through the Website are:
- Personal identification data (name, surname, company name, date of birth, tax code, VAT number);
- Contact data (email address, telephone number, physical shipping address and billing address); and
- Any responses from users/visitors to questions provided and feedback requested by the Website through online forms and surveys (hereinafter, "Personal Data").
The Personal Data listed above are collected by the Website at the time of:
- registration to the Website, for users who register for the first time on the Website ("User"); or
- the purchase of one or more products offered for sale through the Website, for users not registered on the Website ("Guest").
Unless otherwise specified on the Website, all requested Personal Data are to be considered mandatory. It is therefore understood that failure to provide Personal Data marked as mandatory prevents registration to the Website or the use of the services offered therein; failure to provide Personal Data possibly marked as optional does not prevent registration to the Website or the use of the services offered therein, but may still make the use of the same less immediate and user-friendly.
This Website also uses Cookies and/or other tracking tools as described in the Cookie Policy (see Art. 6 below).
The User/Guest assumes responsibility for third-party Personal Data published or shared through this Website and guarantees that they have the right to communicate or disseminate them, and that they have informed said third parties of this Privacy Policy, relieving the Controller of any responsibility towards such third parties.
3. Purposes and Legal Bases for the Processing of Personal Data
Purpose of processing
The Personal Data of Users/Guests will be processed by the Controller according to principles of necessity, data minimization, lawfulness, fairness, proportionality, and transparency for the following purposes:
(a) to provide the Website, allow access to and registration on the Website, as well as the use of services offered through the Website, i.e., the purchase of products online and order management, and any other service that may be offered in the future through the Website that the User/Guest requests, as well as to improve the Website and the services offered therein;
(b) to provide the User/Guest with assistance (by filling in the appropriate form on the Website or by contacting the Controller directly) during registration to the Website and/or use of the Website and the services offered therein, and also to resolve any reports of malfunction and/or disputes;
(c) to fulfill legal obligations, respond to requests from competent Authorities, protect its rights and interests, identify any malicious or fraudulent activities;
(d) to provide Users/Guests, through the email address indicated during registration to the Website or purchase through the Website, with commercial information and newsletters relating to products and services similar to those already purchased/requested by the User/Guest;
(e) to send advertising material to the User and carry out promotional, marketing and/or direct sales activities for products and/or services sold and/or provided by the Controller;
(f) to send commercial and promotional communications to the User regarding products and/or services of selected third parties (i.e., companies of the Group to which the Controller belongs, parent companies, subsidiaries and/or affiliates, companies affiliated with the Controller and third-party partners), with whom the Controller has legal relations (without, in this case, communicating Personal Data to third parties);
(g) to carry out profiling activities concerning the Website User, i.e., to assess their preferences, consumption habits and tastes, also by inviting them to participate in market research, for the subsequent sending of profiled marketing communications.
Legal basis for processing
The aforementioned processing purposes (see "Purpose of processing" section, letters (a) to (g)) are processed by the Controller on the following legal bases:
(a) execution of the contract with the User/Guest and legitimate interest of the Controller;
(b) execution of the contract or pre-contractual measures at the request of the User/Guest and legitimate interest of the Controller
(c) fulfillment of a legal obligation to which the Controller is subject and/or legitimate interest of the Controller;
(d) legitimate interest of the Controller, unless the User/Guest objects;
(e) explicit consent of the User;
(f) explicit consent of the User; and
(g) explicit consent of the User.
With reference to the purpose referred to in point (d) above, the User/Guest may object at any time to receiving such communications by clicking on the link at the bottom of the relevant email or by contacting the Controller at the email address indicated in Art. 1 above.
The contact methods aimed at direct marketing activities, on behalf of third parties and profiling as per points (e), (f) and (g) above, may be both automated (via email, SMS, push notifications, other mass messaging tools, etc.) and traditional (phone calls with an operator and postal mailings). In any case, the User may withdraw their consent, even partially, for example by consenting only to traditional contact methods.
If the User consents to the profiling indicated in point (g) above, it will involve an automated activity in order to place the User in a category of subjects with homogeneous characteristics (in terms of purchasing preferences, product of interest and purchasing areas) based on their previous purchasing experiences, market analyses they may have participated in, their demographic class and their activities on the Website.
Third-Party Websites and Applications
Users are reminded that the Website may incorporate or otherwise interact with third-party applications and websites ("Third-Party Websites and Applications"), to make some of the ancillary services offered through the Website available to Users/Guests. Third-Party Websites and Applications are governed by their respective terms and conditions of use and privacy policies. The use by Users/Guests of Third-Party Websites and Applications will therefore be governed by and subject to the terms and conditions of use and privacy policies of such third parties, to which reference is made.
4. Processing Methods; Recipients of Personal Data; Location and Period of Retention of Personal Data
Processing methods
The Controller adopts appropriate security measures pursuant to Art. 32 GDPR, aimed at preventing unauthorized access, disclosure, modification or destruction of Users'/Guests' Personal Data.
Processing is carried out on paper and/or using IT and/or telecommunication tools, with organizational methods and logic strictly related to the purposes indicated in Art. 3 above.
Recipients of Personal Data
The processing of Users'/Guests' Personal Data will be entrusted, in individual operations, to the Controller's employees and/or collaborators (administrative, commercial, marketing, legal personnel, system administrators), duly authorized and appointed.
Any third parties delegated by the Controller to process the Personal Data of Users/Guests (e.g., third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) will be appointed as Data Processors pursuant to Art. 28 GDPR. The updated list of Data Processors can always be requested from the Controller by contacting them at the email address indicated in Art. 1 above.
The Personal Data of Users/Guests will not be disseminated or transferred outside the European Union.
Location and period of retention of Personal Data
The Personal Data of Users/Guests will be stored on the Controller's servers, all located in the EU.
That said, Users/Guests are reminded that the Website may incorporate or otherwise interact with Third-Party Websites and Applications, in order to make the ancillary services offered through the Website available. Third-Party Websites and Applications are governed by their respective terms and conditions of use and privacy policies. The use by Users/Guests of Third-Party Websites and Applications will therefore be governed by and subject to the terms and conditions of use and privacy policies of such third parties, to which reference is made.
Users'/Guests' Personal Data are processed by the Controller and stored for the time necessary for the purposes indicated in Art. 3 above. In particular:
- for the purposes referred to in points (a), (d), (e), (f) and (g) of Art. 3 above, the Personal Data of Users will be stored by the Controller (but not used for purposes (d), (e), (f) and (g) in case of objection, or in case of absence or subsequent withdrawal of consent) until the User deletes their account. However, it is understood that the Controller may retain Users' Personal Data to defend its rights in relation to ongoing disputes at the time of the request or at the indication of public authorities. The User can delete their account or by sending an express request for the deletion of Personal Data to the Controller (see Art. 1 above);
- for the purpose referred to in point (a) of Art. 3 above, the Personal Data of Guests will be stored until the execution of the existing contract or pre-contractual measure is completed. For the purpose referred to in point (d) of Art. 3 above, the Personal Data of Guests will be stored, unless objected, as long as the Controller's legitimate interest persists. The Personal Data of Guests will not be processed – and therefore stored – for the purposes referred to in points (e), (f) and (g) of Art. 3 above;
- for the purposes referred to in point (b) of Art. 3 above, the Personal Data of Users/Guests will be stored for the time strictly necessary to resolve the assistance request, report and/or dispute and provide Users/Guests with feedback. Also in this case, however, it is understood that the Controller may retain Personal Data, within legal limits, to defend its rights in relation to ongoing disputes or at the indication of public authorities; and
- for the purpose referred to in point (c) of Art. 3 above, the Personal Data of Users/Guests will be stored by the Controller as long as the processing is necessary to fulfill said legal obligations.
At the end of the retention period, Personal Data will be deleted. Therefore, upon expiry of this term, the right of access, deletion, rectification and the right to data portability of Personal Data can no longer be exercised.
5. User/Guest Rights
Users/Guests can exercise certain rights with reference to the Personal Data processed by the Controller.
In particular, the User/Guest has the right to:
- obtain information regarding the purposes for which their Personal Data are processed, the processing period and the subjects to whom the Personal Data are communicated (so-called right of access);
- obtain the rectification or integration of inaccurate Personal Data concerning them (so-called right to rectification);
- obtain the deletion of Personal Data concerning them in the following cases (a) Personal Data are no longer necessary for the purposes for which they were collected; (b) they have withdrawn their consent to the processing of Personal Data if they are processed based on their consent; (c) they have objected to the processing of Personal Data concerning them if they are processed for a legitimate interest of the Controller; or (d) the processing of their Personal Data is not compliant with the law (so-called right to erasure). However, we inform the User/Guest that the retention of their Personal Data by the Controller is lawful if it is necessary to allow them to fulfill a legal obligation or to ascertain, exercise or defend a right in court;
- obtain that the Personal Data concerning them are only stored without being otherwise used in the event that (a) they dispute the accuracy of their Personal Data, for the period necessary to allow us to verify the accuracy of such Personal Data; (b) the processing is unlawful but they nevertheless object to the deletion of their Personal Data by the Controller; (c) the Personal Data are necessary for them to ascertain, exercise or defend a right in court; (d) they have objected to the processing and are awaiting verification as to whether the Controller's legitimate reasons for processing override those of the data subject (so-called right to restriction);
- receive their Personal Data in a commonly used, machine-readable and interoperable format (so-called right to data portability).
- obtain the cessation of processing in cases where their Data are processed for commercial communications/newsletters related to products or services identical to those already purchased/provided by the Controller (so-called right to object); and
- withdraw their consent to the processing of Personal Data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
How to exercise rights
To exercise the rights listed above, Users/Guests can send a request to the Controller's contact details indicated in Art. 1 above. Requests are filed free of charge and processed by the Controller as quickly as possible. Finally, we remind the User/Guest that they have the right to contact the Garante per la protezione dei dati personali (Italian Data Protection Authority), with headquarters in Piazza di Monte Citorio, 121 - 00186 Rome (RM), to assert their rights in relation to the processing of their Personal Data by the Controller.
6. Cookie Policy
This Website uses Cookies and other tracking tools. To learn more, the User/Guest can consult our Cookie Policy.
7. Changes to this Privacy Policy
Without prejudice to the fact that the Controller will in no case carry out processing operations other than those expressly authorized and/or requested by Users/Guests, this Privacy Policy may be subject to changes to comply with new legal provisions, changes in the Controller's Personal Data processing policies and/or following changes in the characteristics of the Website and/or the services offered therein. Each updated version of this Privacy Policy will be made available on the Website in the dedicated section: the Controller therefore invites Users/Guests to periodically consult the Privacy Policy published on the Website to always be informed of the latest published version.