Privacy Policy

EKO365 S.B. S.R.L., with registered office in Galleria Passarella 1, 20122 - Milan, as the data controller of the personal data of the users who browse and use the services available on the website www.eko365.it, and as the owner of the Site, operates in compliance with the regulations on the protection of the Privacy of Personal Data set forth in Article 13 of the EU Regulation 2016/679 of April 27, 2016 (hereinafter: the “Regulations”, or also the “Applicable Regulations”).
This Site and the Services are restricted to persons who are eighteen years of age or older. Therefore, the Data Controller does not collect personal data relating to persons under the age of eighteen. Upon the request of Users, the Data Controller will promptly delete all unintentionally collected personal data relating to persons under eighteen years of age.

The Data Controller gives the utmost consideration to the right to Privacy and the protection of personal data of its Users. For any information regarding this Privacy Policy, Users may contact the Data Controller at any time using the following methods:

  • by sending a registered letter with return receipt to:
    EKO365 S.B. S.R.L. – Galleria Passarella 1, 20122 – Milan
  • by sending an e-mail to [email protected]

1. Purpose of data processing

Users' personal data will be legally processed by EKO365 pursuant to Article 6 of the Regulations for the following purposes:

  1. contractual obligations and provision of the Services, to enable navigation on the Site or for the implementation of the terms of use of the Site, which are accepted by the User during registration on the Site and/or during the use of the Services and fulfill the User's specific requests. User data collected by EKO365 for the purposes listed above include: first name, last name, city of residence/domicile, telephone number, e-mail address, and any personal information of the User that may be voluntarily published. Unless the User specifically and voluntarily gives EKO365 consent to process their data for additional purposes, the User's personal information will be used by EKO365 for the sole purpose of ascertaining the User's identity (including by validating the email address), avoiding possible fraud or abuse, and contacting the User solely for reasons related to the provision of the Services (e.g. sending notifications regarding the Services). Notwithstanding the other provisions contained in this Privacy Policy, under no circumstances will EKO365 make Users' personal data accessible to other Users and/or third parties.
  2. administrative-accounting purposes, or to carry out organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the fulfillment of contracts and pre-contractual obligations;
  3. legal obligations or to comply with obligations required by law, authority, regulation or European legislation.
    The provision of personal data for the purposes of the above processing is optional but necessary, as failure to provide such data will make it impossible for the User to navigate the Site, register on the Site and use the Services.
    The personal data necessary for the pursuit of the processing purposes described in this paragraph 1 are indicated with an asterisk in the contact forms of the Site.

2. Additional processing purposes: marketing (sending of advertising material, direct sales and commercial communication)

With the free and optional consent of the User, some of the User's personal data (i.e. first and last name and email address) may be processed by the Owner for marketing purposes (sending advertising material, direct sales and commercial communication), or in order to allow the Data Controller to contact the User by mail e-mail, telephone (fixed and/or mobile, with automatic communication or calling systems with and/or without the intervention of an operator) and/or SMS and/or MMS to propose to the User the purchase of products and/or or services offered by the Owner and/or third parties, to present offers, promotions and business opportunities.

In case of lack of consent, the ability to register on the Site will not be affected in any way.
If consent is given, the User may at any time revoke it by making a request to the Owner in the manner set forth in paragraph 7 below.
The User can also easily object to further sending of promotional communications via email by clicking on the relevant consent revocation link, which is present in each promotional email. Once consent has been revoked, the Data Controller will send an email to the User to confirm the revocation of consent. If the User wishes to revoke his or her consent to the sending of promotional communications by telephone while still continuing to receive promotional communications by email, or vice versa, please send a request to the Owner in the manner set forth in Section 7 below.
The Data Controller informs that, following the exercise of the right to object to the sending of promotional communications by e-mail, it is possible that, for technical and operational reasons (for example, the formation of contact lists already completed shortly before the receipt by the User of the request for objection), the User continues to receive further promotional messages. If the User continues to receive promotional messages after 24 hours have elapsed since the exercise of the right to object, please report the problem to the Data Controller, using the contact details set out in paragraph 7 below.

3. Additional processing purposes: newsletter

With the free and optional consent of the User, some of the User's personal data (e.g., first name, last name, address and e-mail address) may be processed by the Data Controller for the purpose of sending the newsletter. Therefore, the User will receive a periodic newsletter from the Owner that will contain information in relation to news on the site and/or the Owner's initiatives.

In case of lack of consent, the possibility of registering on the Site will not be influenced in any way.
In case of consent, the User can revoke it at any time by making a request to the Owner as indicated in paragraph 7 below.
The User can also easily oppose the further sending of promotional communications by clicking on the relevant link to revoke consent, which is present in every e-mail containing the newsletter. Once consent has been revoked, the Data Controller will send an email to the User to confirm the revocation of consent.

4. Additional processing purposes: profiling

With the free and optional consent of the User, the User's personal data (i.e. personal and contact data, information relating to the Services in which he has expressed his interest) may be processed by the Data Controller also for the purposes of profiling, or reconstructing the User's tastes and consumption habits, identifying their consumer profile, to send the User commercial offers consistent with the identified profile.
In case of lack of consent, the possibility of registering on the Site will not be influenced in any way.
In case of consent, the User can revoke it at any time by making a request to the Owner in the manner indicated in paragraph 7 below.

5. Processing methods and data retention times

The Data Controller processes the Users' personal data with manual and IT tools, with purposes strictly connected to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
Users' personal data will be kept for the time strictly necessary to carry out the primary purposes described in paragraph 1 above, or in any case as necessary for the protection of the interests of both Users and the Owner in compliance with the law.
In the cases referred to in paragraphs 2, 3 and 4, the personal data of the Users will be kept for the time strictly necessary to fulfill the purposes described therein and, in any case, for no more than twenty-four (24) and twelve (12) months respectively.

6. Scope of communication and dissemination of data

Users' personal data may be disclosed to employees and/or collaborators of the Data Controller in charge of managing the Site and all services relating to the provision of the Service. These subjects, who have been appointed by the Data Controller pursuant to Article 29 of the Regulation, process the Users' data exclusively for the purposes indicated in this declaration and in compliance with the provisions of the applicable law.
Users' personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller as "external processors", such as IT and logistics service providers functional to the operation of the Site and/or Services, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of data controllers appointed by the Data Controller, by making a request to the Data Controller according to the methods indicated in paragraph 7 below.
Furthermore, the personal data of Users may be communicated by the Data Controller, to the extent that this is necessary and essential for the execution of contractual obligations, to third parties who are responsible for independent data, such as payment service providers and services logistics necessary for the delivery of the goods sold through the Site. These independent owners process the User's data exclusively for the purposes of the correct execution of orders relating to the services.

7. Rights of interested parties

Users can exercise their rights recognized by the relevant law by contacting the Data Controller in the following ways:

  • by sending a registered letter with return receipt to:
    EKO365 S.B. S.R.L. – Galleria Passarella 1, 20122 – Milan
  • by sending an e-mail to [email protected]

The Data Controller will comply with User requests relating to the processing referred to in paragraph 1, as well as responding to User requests relating to the processing referred to in paragraphs 2, 3 and 4.
Pursuant to current regulations, the Data Controller informs that Users have the right to obtain indication (i) of the origin of the personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in case of transformation carried out with the aid of electronic instruments; (iv) the identification data of the Data Controller and those responsible; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to know them as managers or agents.
Furthermore, users have the right to obtain:

  1. access, updating, rectification or, when interested, integration of data;
  2. the cancellation, transformation into anonymous form or blocking of illegally processed data, including data whose retention is not necessary for the purposes for which the data were collected or subsequently transformed;
  3. the certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right.

Additionally, users have:

  1. the right to withdraw consent at any time, if the processing is based on their consent;
  2. (if applicable) the right to data portability (right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device), the right to limit the processing of personal data and the right to cancellation (“right to be forgotten”);
  3. the right to object:
    1. in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purposes of the collection;
    2. in whole or in part, to the processing of personal data concerning them for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communication;
    3. if personal data is processed, at any time, for direct marketing purposes, to process their data for that purpose, including analytics to the extent it is connected to such direct marketing;
  4. if they believe that the processing concerning them infringes the Regulation, the right to lodge a complaint with a supervisory authority (in the member state in which they usually reside, in the one in which they work or in the one in which the alleged infringement took place ).

The Italian supervisory authority is the Guarantor for the protection of personal data, located in Piazza di Monte Citorio n. 121, 00186 – Rome.

The Owner is not responsible for updating any links that may appear in this notice; therefore, whenever a link is not functional and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the Site referred to in this Link.

Skip to content