Privacy Policy

Last updated: January 2025

1. Data Controller

Elements Works SRL
Polo Tecnologico di Navacchio
Cascina (PI), Italy
VAT: IT02139410506
Contact: Contact Form

2. What Information We Collect

Information You Provide

When you use our services, we collect:

• Account information: Name, email address, phone number, billing address
• Transaction data: Purchase history, payment details (processed securely by our payment providers)
• Communications: Messages you send us, customer support inquiries
• Marketing preferences: Newsletter subscriptions, communication preferences

Information Collected Automatically

• Technical data: IP address, browser type, device information, operating system
• Usage data: Pages visited, time spent on site, click behavior, referral sources
• Cookies: See Section 8 for details on cookies we use

3. Legal Basis for Processing Your Data

Under GDPR Article 6, we process your personal data based on:

4. How We Use Your Information

• Process and fulfill your orders
• Communicate with you about orders, products, and services
• Send marketing communications (only with your consent)
• Improve our website and services
• Prevent fraud and ensure security
• Comply with legal obligations
• Analyze website usage and customer behavior

5. Data Retention Periods

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

• Transaction records: 10 years (Italian tax and accounting law requirement)
• Account data: Until you request account deletion
• Marketing data: Until you withdraw consent or unsubscribe
• Analytics data: 26 months (Google Analytics default)
• Technical logs: 12 months

6. Your Rights Under GDPR

As an EU resident, you have the following rights:

To exercise your rights, contact us through: Contact Form

7. How to Withdraw Consent

You can withdraw your consent for marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Using our contact form
• Adjusting your account preferences

Withdrawing consent does not affect the lawfulness of processing before withdrawal.

8. Cookies

We use cookies to improve your experience on our site. When you first visit, you'll see a cookie consent banner allowing you to accept or decline non-essential cookies.

Essential Cookies (Always Active)

These cookies are necessary for the website to function:

• _session_id: Maintains your session while browsing
• cart: Stores items in your shopping cart (2 weeks)
• _secure_session_id: Security token for your session
• storefront_digest: Password-protected store access

Analytics Cookies (Require Consent)

• _shopify_visit: Tracks visit statistics (30 minutes)
• _shopify_uniq: Counts unique visitors (24 hours)
• Google Analytics (_ga, _gid): Analyzes website usage

Marketing Cookies (Require Consent)

• PREF: Google advertising preferences
• Geolizr cookies: Language and location preferences

You can manage cookie preferences through our cookie banner or your browser settings.

9. Third-Party Services

Shopify

Our store is hosted on Shopify Inc. (Canada/USA). They provide secure infrastructure and data storage. Shopify is certified under the EU-US Data Privacy Framework. For more information, see Shopify's Privacy Policy.

Payment Processors

Payment card data is processed by PCI-DSS compliant payment gateways. We never store your full credit card information. Payment data is encrypted using SSL/TLS and stored only as long as necessary to complete your transaction.

Google Analytics

We use Google Analytics to understand how visitors use our site. Google Analytics uses cookies and may transfer data to the USA. Data is anonymized where possible. See Google's Privacy Policy.

Other Services

We may use additional third-party services (email providers, shipping companies, etc.). These providers only access data necessary to perform their services and are bound by confidentiality agreements.

10. International Data Transfers

Some of our service providers (Shopify, Google) are located outside the EU. When transferring data internationally, we ensure adequate protection through:

• EU-US Data Privacy Framework certifications
• Standard Contractual Clauses (SCCs) approved by the EU Commission
• Adequacy decisions for certain countries

11. Data Security

We implement industry-standard security measures to protect your data:

• SSL/TLS encryption for data transmission
• AES-256 encryption for stored payment data
• PCI-DSS compliance for payment processing
• Regular security audits and updates
• Access controls and authentication
• Secure server infrastructure behind firewalls

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

12. Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will:

• Notify the Italian Data Protection Authority within 72 hours (as required by GDPR)
• Inform affected individuals if the breach poses a high risk to your rights and freedoms
• Take immediate action to contain and remedy the breach

13. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. Any data analysis is used solely for improving our services and is subject to human oversight.

14. Age Restrictions

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you are under 16, please do not use our services or provide any personal information. If we learn we have collected data from a child under 16, we will delete it promptly.

15. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of other sites. We encourage you to read their privacy policies when you leave our site.

16. Changes to This Privacy Policy

We may update this policy from time to time. Changes will take effect when posted on this page. We will notify you of material changes by:

• Updating the "Last updated" date at the top of this page
• Sending an email notification for significant changes
• Displaying a prominent notice on our website

We recommend reviewing this policy periodically.

17. Business Transfers

If Elements Works SRL is acquired, merged, or sells assets, your personal data may be transferred to the new owners. We will notify you of any such transfer and inform you of any choices you may have regarding your data.

18. Contact Us

19. Italian Data Protection Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with:

---

This privacy policy complies with the EU General Data Protection Regulation (GDPR) 2016/679 and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.