Privacy Policy of www.elisalancishop.com
Last updated: 22/11/2025
With this Privacy Policy, the data controller, as defined below, wishes to provide users and visitors of the website www.elisalancishop.com (“Site”) all information relating to the purposes for which it collects and processes their personal data, the categories of personal data processed, the rights recognized to users and visitors of the Site under Regulation (EU) No. 679/2016 (“GDPR”) and national data protection legislation (collectively, “Privacy Legislation”), and how the user and visitor of the Site can exercise these rights. This Privacy Policy also aims to allow users and visitors of the Site to consciously give consent to the processing of their personal data, where required by the Privacy Legislation.
This document can be printed using the print command available in the settings of any browser.
1. Data Controller
LADY SHOES SRL, CORSO ATELLANO 51/53, 81030 SANT'ARPINO (CE) - IT, Italy, email: lady-shoes@virgilio.it, is the data controller of the data of users/visitors collected through the Site (“Data Controller” or “Elisalanci”).
Data Controller's email address: lady-shoes@virgilio.it
2. Types of Data collected
Among the personal data of users/visitors that the Data Controller collects through the Site are included:
- Personal details (first name, last name, company name, date of birth, tax code, VAT number);
- Contact data (email address, phone number, physical shipping address, and billing address); and
- Any responses from users/visitors to questions provided and feedback requested by the Site through online forms and surveys (hereinafter, “Personal Data”).
The Personal Data listed above are collected by the Site at the time of:
- registration on the Site, for users registering for the first time on the Site (“User”); or
- the purchase of one or more products offered for sale through the Site, for users not registered on the Site (“Guest”).
Unless otherwise specified within the Site, all requested Personal Data are considered mandatory. It is therefore understood that failure to provide Personal Data marked as mandatory prevents registration on the Site or the use of the services offered therein; failure to provide Personal Data possibly marked as optional does not prevent registration on the Site or the use of the services offered therein, but may still make their use less immediate and user friendly.
This Site also uses Cookies and/or other tracking tools according to the methods and purposes described in the Cookie Policy (see art. 6 below).
The User/Guest assumes responsibility for the Personal Data of third parties that they have published or shared through this Site and guarantees that they have the right to communicate or disclose them, and that they have made this Privacy Policy known to said third parties, releasing the Data Controller from any liability towards such third parties.
3. Purposes and Legal Bases of the processing of Personal Data
Purposes of the processing
The Personal Data of Users/Guests will be processed by the Data Controller according to principles of necessity, data minimization, lawfulness, fairness, proportionality, and transparency for the following purposes:
(a) provide the Site, allow access and registration to the Site, as well as the use of services offered through the Site, including the online purchase of products and order management and any other service possibly offered in the future through the Site requested by the User/Guest, as well as improve the Site and the services offered therein;
(b) ensure the User/Guest assistance service (by filling out the appropriate form provided on the Site or by contacting the Data Controller directly) during registration on the Site and/or use of the Site and the services offered therein, and also to resolve any malfunction reports and/or disputes;
(c) comply with legal obligations, respond to requests from competent Authorities, protect its rights and interests, identify any fraudulent or malicious activities;
(d) provide the User/Guest, through the email address indicated during registration on the Site or purchase through the Site, with commercial information and newsletters related to products and services similar to those already purchased/requested by the User/Guest;
(e) send the User advertising material and carry out promotional, marketing, and/or direct sales activities of products and/or services sold and/or provided by the Data Controller;
(f) send the User commercial and promotional communications related to products and/or services of selected third parties (i.e., companies of the Group to which the Data Controller belongs, parent companies, subsidiaries and/or affiliates, companies affiliated with the Data Controller, and third-party partners), with whom the Data Controller has legal relationships (without any communication of Personal Data to third parties in this case);
(g) carry out profiling activities towards the Site User, that is, evaluate their preferences, consumption habits, and tastes, also by inviting them to participate in market research, for the subsequent sending of targeted marketing communications.
Legal basis of processing
The above-mentioned processing purposes (see section “Purposes of the processing”, letters (a) to (g)) are pursued by the Data Controller on the following legal bases:
(a) performance of the contract with the User/Guest and legitimate interest of the Data Controller;
(b) performance of the contract or pre-contractual measures at the User's/Guest's request and legitimate interest of the Data Controller;
(c) fulfillment of a legal obligation to which the Data Controller is subject and/or legitimate interest of the Data Controller;
(d) legitimate interest of the Data Controller, unless opposed by the User/Guest;
(e) User's expressed consent;
(f) User's expressed consent; and
(g) User's expressed consent.
With reference to the purpose referred to in point (d) above, the User/Guest may object at any time to receiving such communications by clicking the link at the bottom of the related email or by contacting the Data Controller at the email address indicated in art. 1 above.
For direct marketing activities, marketing on behalf of third parties, and profiling as in points (e), (f), and (g) above, contacts may be both automated (via email, SMS, push notifications, other mass messaging tools, etc.) and traditional (calls with an operator and postal mailings). In any case, the User may revoke their consent, even partially, for example by consenting only to traditional contact methods.
If the User consents to the profiling indicated in point (g) above, it will involve an automated activity aimed at placing the User in a category of subjects with homogeneous characteristics (in terms of purchase preferences, product interest, and purchase areas) based on their previous purchase experiences, market analyses they may have participated in, their demographic class, and their activities on the Site.
Third-Party Websites and Applications
Users are reminded that the Site may incorporate or otherwise interact with applications and websites of third parties (“Third-Party Websites and Applications”), to make some of the ancillary services offered through the Site available to Users/Guests. Third-Party Websites and Applications are governed by their respective terms and conditions of use and privacy policies. The use by Users/Guests of Third-Party Websites and Applications will therefore be governed by and subject to the terms and conditions of use and privacy policies of such third parties, to which reference is made.
4. Processing methods; Recipients of Personal Data; Location and retention period of Personal Data
Processing methods
The Data Controller adopts appropriate security measures pursuant to art. 32 GDPR, aimed at preventing unauthorized access, disclosure, modification, or destruction of Users'/Guests' Personal Data.
Processing is carried out on paper and/or by IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated in art. 3 above.
Recipients of Personal Data
The processing of Users'/Guests' Personal Data will be entrusted, in individual operations, to employees and/or collaborators of the Data Controller (administrative, commercial, marketing, legal staff, system administrators), duly authorized and appointed.
Any third parties appointed by the Data Controller to process Users'/Guests' Personal Data (e.g., third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) will be appointed as Data Processors pursuant to art. 28 GDPR. The updated list of Data Processors can always be requested from the Data Controller by contacting the email address indicated in art. 1 above.
Users'/Guests' Personal Data will not be disseminated or transferred outside the European Union.
Place and period of retention of Personal Data
Users'/Guests' Personal Data will be stored on the Data Controller's servers, all located within the EU.
That said, Users/Guests are reminded that the Site may incorporate or otherwise interact with Third-Party Websites and Applications, in order to make available the ancillary services offered through the Site. Third-Party Websites and Applications are governed by their respective terms and conditions of use and privacy policies. The use by Users/Guests of Third-Party Sites and Applications will therefore be governed by and subject to the terms and conditions of use and privacy policies of such third parties, to which reference is made.
Users'/Guests' Personal Data are processed by the Data Controller and retained for the time necessary for the purposes indicated in art. 3 above. In particular:
- for the purposes referred to in points (a), (d), (e), (f), and (g) of art. 3 above, the Personal Data of Users will be retained by the Data Controller (but not used for purposes (d), (e), (f), and (g) in case of objection, or in case of absence or subsequent withdrawal of consent) until the User deletes their account. However, it is understood that the Data Controller may retain Users' Personal Data to defend its rights in relation to disputes existing at the time of the request or as directed by public authorities. The User can delete their account or send an explicit request for deletion of Personal Data to the Data Controller (see art. 1 above);
- for the purpose referred to in point (a) of art. 3 above, the Personal Data of Guests will be retained until the execution of the contract or pre-contractual measure in place is completed. For the purpose referred to in point (d) of art. 3 above, the Personal Data of Guests will be retained, unless opposed, as long as the legitimate interest of the Controller lasts. The Personal Data of Guests will not be processed – and therefore retained – for the purposes referred to in points (e), (f), and (g) of art. 3 above;
- for the purposes referred to in point (b) of art. 3 above, the Personal Data of Users/Guests will be retained for the time strictly necessary to resolve the request for assistance, report and/or dispute and provide Users/Guests with feedback. Even in this case, it is understood that the Controller may retain the Personal Data, within legal limits, to defend its rights in relation to ongoing disputes or at the request of public authorities; and
- for the purpose referred to in point (c) of art. 3 above, the Personal Data of Users/Guests will be retained by the Controller as long as the necessity of processing to comply with these legal obligations persists.
At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiration of this period, the rights of access, deletion, rectification, and the right to data portability can no longer be exercised.
5. Rights of the User/Guest
Users/Guests can exercise certain rights with regard to the Personal Data processed by the Controller.
In particular, the User/Guest has the right to:
- obtain information regarding the purposes for which their Personal Data are processed, the period of processing, and the parties to whom the Personal Data are disclosed (so-called right of access);
- obtain the correction or completion of inaccurate Personal Data concerning them (so-called right to rectification);
- obtain the deletion of Personal Data concerning them in the following cases (a) the Personal Data are no longer necessary for the purposes for which they were collected; (b) they have withdrawn their consent to the processing of Personal Data when it is based on their consent; (c) they have objected to the processing of Personal Data concerning them when it is processed for the legitimate interest of the Controller; or (d) the processing of their Personal Data is not compliant with the law (so-called right to erasure). However, we inform the User/Guest that the retention of their Personal Data by the Controller is lawful if it is necessary to allow compliance with a legal obligation or to ascertain, exercise, or defend a right in court;
- obtain that their Personal Data is only stored without further use in cases where (a) they contest the accuracy of their Personal Data, for the period necessary to allow us to verify the accuracy of such Personal Data; (b) the processing is unlawful but they oppose the deletion of their Personal Data by the Data Controller; (c) the Personal Data is necessary for the establishment, exercise, or defense of a right in court; (d) they have objected to the processing and are awaiting verification regarding the possible prevalence of the Data Controller's legitimate reasons for processing over those of the data subject (so-called right to restriction);
- receive their Personal Data in a commonly used, machine-readable, and interoperable format (so-called right to data portability);
- obtain the cessation of processing in cases where their Data is processed for commercial communications/newsletters related to products or services identical to those already purchased/provided by the Data Controller (so-called right to object); and
- revoke their consent to the processing of Personal Data at any time, without affecting the lawfulness of the processing based on consent before the revocation.
How to exercise rights
To exercise the rights listed above, Users/Guests can send a request to the contact details of the Data Controller indicated at art. 1 above. Requests are submitted free of charge and processed by the Data Controller as soon as possible. Finally, we remind you that the User/Guest has the right to contact the Data Protection Authority, located at Piazza di Monte Citorio, 121 - 00186 Rome (RM), to assert their rights regarding the processing of their Personal Data by the Data Controller.
6. Cookie Policy
This Website uses Cookies and other tracking tools. To learn more, the User/Guest can consult our Cookie Policy.
7. Changes to this Privacy Policy
Without prejudice to the fact that the Data Controller in any case does not carry out processing operations other than those expressly authorized and/or requested by Users/Guests, this Privacy Policy may be subject to changes to comply with new legal provisions, changes in the Data Controller's personal data processing policies and/or following changes to the characteristics of the Site and/or the services offered therein. Each updated version of this Privacy Policy will be made available on the Site in the dedicated section: therefore, the Data Controller invites Users/Guests to periodically consult the Privacy Policy published on the Site to always be informed of the latest version published.
