Following a policy of transparency and fairness, in compliance with current regulations and in particular with reference to the applicable national regulations and the European Privacy Regulation no. 679/2016 ("GDPR", hereinafter "Privacy Code"), EASYLIFE S.p.A. provides some information regarding the processing of personal data provided by the user.

easylife.house is a registered trademark and web portal owned by EASYLIFE S.p.A.

It should be noted that, according to article 4, paragraph 1, letter a), of the Privacy Code, processing means: "any operation or set of operations, carried out even without the aid of electronic tools, concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, deletion, and destruction of data, even if not recorded in a database".

1. PURPOSE OF DATA PROCESSING

1.1. The data provided or otherwise acquired by the Data Controller directly from the User or from third parties, are processed by our company and/or by our employees for the following purposes:

1. a) to carry out our activities in execution, management, conclusion, fulfillment of the pre-contractual and contractual relationships in place, to provide the services requested or foreseen in favor of the User, as well as to carry out activities closely related to them;


2. b) to fulfill obligations provided for by laws, regulations, provisions issued by authorities and supervisory and control bodies;


3. c) to carry out commercial activities to promote services and products offered by the Data Controller and/or its commercial partners, including the sending of advertising material or periodic communications.

1.2. The Data Controller will proceed with the collection or processing of data. These data may subsequently be acquired and processed by the Data Controller's Partner entities that will have to deliver the goods or provide the services purchased, as long as such processing is instrumental to the specific purpose pursued by the operation or the requested services.

1.3. The data collected will also be processed by the Data Controller, without the need for explicit consent in accordance with the provisions of article 130, paragraph 4, of the Privacy Code and the Garante's provision "Simplifications of certain obligations in the public and private sectors with respect to processing for administrative and accounting purposes" of 06/19/2008, for commercial communication, product or service offers, sending advertising material, and conducting market research by the Data Controller via postal mail and email. Pursuant to article 7, paragraph 4, of the Privacy Code, the customer can object at any time "to the processing of personal data concerning them for the purpose of sending advertising material or direct selling or for carrying out market research or commercial communication".

2. DATA PROCESSING METHODS

2.1. The processing in question is carried out according to the methods provided for by the Privacy Code, also through electronic and automated tools, by means of non-exhaustive operations such as collection, registration, organization, storage, processing, selection, comparison, use, interconnection, consultation, communication, deletion, destruction, blocking of data, according to principles of security/protection, accessibility, confidentiality, and integrity. The same data are processed and held within the terms compulsorily provided by law, within the limits and in the manner specified by it. The processing is carried out directly by the Data Controller's organization and by external entities to this organization, part of the network of its commercial partners, delegated as data processors/responsible for the same company and/or entities closely related to the functioning of the same and/or the fulfillment of the contractually foreseen activities and requested by you (in addition to what is specified in point 4). The data are not subject to dissemination.

2.2. SPECIFIC INFORMATION FOR EASYLIFE APP

The Easylife app may request the user's location. If explicitly requested by the application, this permission is solely to ensure its proper technical functioning.

The user's location data is NOT collected by the data controller in any way.

3. PROVISION OF DATA

The provision of personal data is necessary for the conclusion, management of the contract, and for the best execution of the contractual services foreseen, as well as for the performance of activities strictly related to the fulfillment of such services. The provision of data may be mandatory based on law, regulation, or community legislation.

The possible refusal of expressed consent to the processing of data makes it impossible to conclude or execute the contract and/or to perform the requested services or contractually foreseen. The provision of personal data for the purpose of information and commercial promotion of the services and offers promoted by the Data Controller is optional and does not entail any consequences regarding the contractual relationship.

4. SCOPE OF DATA COMMUNICATION AND DISSEMINATION

4.1. The data provided may be communicated for the purposes described in point 1.1 a) and to be subject to processing for the same purposes, to the following entities:

1. a) Collaborators of the Data Controller;


2. b) External entities to the Data Controller's organization that carry out activities related and instrumental to the management of the contractual relationship, including, trusted personnel, lawyers, experts, business consulting firms, consultants, professional firms, data and service management entities, credit recovery companies, entities and bodies that carry out electronic data management and payment services, companies that carry out printing, transmission, enveloping, transport and sorting of communications to customers, documentation archiving services, and companies specializing in data entry services, provision of IT services, administrative and accounting management services, through entities appointed by the Data Controller.

The data may also be communicated for the purposes referred to in point 1.1 c) to collaborators as well as appointees of the Data Controller.

4.2. Personal data will not be disseminated, made available, or given for consultation in any form to subjects other than those indicated in the previous point 4.1 or to undetermined subjects.

5. RIGHTS OF THE DATA SUBJECT IN RELATION TO DATA PROCESSING

5.1. The data subject has the rights referred to in art. 7 of the Privacy Code and art. 15 (right of access) of the European Regulation EU 2016/679, namely the rights to:

1. obtain confirmation of the existence or otherwise of personal data concerning them, even if not yet recorded, and their communication in an intelligible form.


2. obtain information:
   
   
   
   • a) of the origin of personal data;
   
   
   • b) of the purposes and methods of processing;
   
   
   • c) of the logic applied in case of processing carried out with the aid of electronic tools;
   
   
   • d) of the identification details of the data controller, data processors, and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR;
   
   
   • e) of the entities or categories of entities to whom the personal data may be communicated or who may become aware of it as designated representatives in the state, data processors, or appointees.
   
   
   
   


3. obtain:
   
   
   
   • a) the updating, rectification, or, when interested, the integration of data;
   
   
   • b) the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, including those for which retention is unnecessary in relation to the purposes for which the data was collected or subsequently processed;
   
   
   • c) the certification that the operations referred to in letters a) and b) have been brought to the attention, also regarding their content, of those to whom the data were communicated or disseminated, except in cases where such fulfillment is impossible or involves a disproportionate use of means compared to the right protected.
   
   
   
   


4. oppose, in whole or in part:
   
   
   
   • a) for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of collection;
   
   
   • b) to the processing of personal data concerning them for the purpose of sending advertising material or direct selling or for conducting market research or commercial communication;
   
   
   
   


5. the right to lodge a complaint with the supervisory authority for any matter related to the said data processing. Pursuant to articles 16 to 22 of the European Regulation EU 2016/679, the data subject can exercise:


6. the right to rectification (art. 16),


7. the right to erasure ("right to be forgotten") (art. 17),


8. the right to restriction of processing (art. 18),


9. the right to obtain from the Data Controller the notification to recipients to whom the data has been transmitted of any rectifications or erasures or restrictions of processing (art. 19),


10. the right to data portability (art. 20),


11. the right to object (art. 21),


12. the right to refuse automated processing (art. 22).

In this way, you are allowed to access your data to:

• Verify its accuracy;


• Modify it if it becomes inaccurate;


• Integrate it, even with a supplementary statement;


• Request its deletion;


• Limit its processing;


• Object to its processing.

The data subject may revoke their consent at any time in relation to the distinct purposes indicated above, except for the impossibility of continuing commercial relationships as indicated and subject to the processing of data previously acquired for the fulfillment of fiscal and tax obligations arising from the contracts concluded.

6. DATA DELETION

The Data Controller, in compliance with the corresponding right of access to the data subject, has prepared procedures for which the data subjects may request the deletion without unjustified delay of personal data or the limitation of the processing of personal data concerning them for the following reasons:

• Because the data is no longer necessary for the purposes for which it was collected;


• Because the data subject has revoked consent;


• Because the data subject objects to the processing;


• Because the data is processed unlawfully.

To exercise the rights just summarized, you may contact the Data Controller directly, in the manner described in art. 9 of the Privacy Code. In particular, you can send a communication by registered letter addressed to: EASYLIFE S.p.A., with registered office Via Felice Casati, 20 (20124 MI); an email to: info@easylife.house

7. DATA CONTROLLER

7.1. The data provided may be processed by the Data Controller and all its collaborators and/or employees.

7.2. The data provided may be processed by third parties, possibly called upon to carry out processing operations on behalf of the Data Controller, appointed as external data processors:

1. a) subjects linked to the Data Controller by an agency relationship pursuant to arts. 1742 et seq. of the Civil Code;


2. b) companies that carry out printing, transmission, enveloping, transport, and sorting of communications to customers;


3. c) companies that provide documentation archiving services related to the relationships with customers;


4. d) companies that conduct surveys about: quality of services provided, customer satisfaction, offering new products, etc.;


5. e) companies that provide services related to the delivery, measurement, and optimization of websites and Internet communication campaigns.

7.3. The list of Data Processors is constantly updated and can be requested by sending a communication in the manner indicated in point 6.2.

8. TYPES OF DATA COLLECTED

8.1. Among the Personal Data collected by this Platform, either independently or through third parties, there are: Website, Name, Surname, Phone Number, Company Name, VAT Number, Address, Province, Email, Cookies, Usage Data, Type of service chosen by the potential customer, and Password.

8.2. Other Personal Data collected may be indicated in other sections of this privacy policy or through informative texts displayed at the same time as the collection of the Data itself. Personal Data can be entered voluntarily by the User, or collected automatically during the use of this Platform. The possible use of Cookies - or other tracking tools - by this Platform or the owners of third-party services used by this Application, unless otherwise specified, has the purpose of identifying the User and recording their preferences for purposes strictly related to the provision of the service requested by the User.

8.3. The failure to provide certain Personal Data by the User may prevent this Platform from providing its services.

8.4. The User assumes responsibility for the Personal Data of third parties published or shared through this Platform and guarantees that they have the right to communicate or disseminate them, releasing the Data Controller from any responsibility towards third parties.

9. FURTHER INFORMATION ON DATA PROCESSING

9.1. Minimum security measures and methods of storing the collected data

Pursuant to art. 31 of the Privacy Code, a series of measures must be adopted to ensure the security of the collected data and systems, minimizing the risks of destruction, loss, even accidental, of the data itself, and preventing any type of unauthorized access or unauthorized or non-compliant processing with the purposes of the collection. The data provided will be collected by the Data Controller through the use of electronic tools and for this reason, in compliance with what is prescribed by Annex B of the Privacy Code, additional security measures will be observed, such as:

• a) the adoption of a system of computer authentication;


• b) the adoption of an authorization system, if authorization profiles of different areas are identified for the data processors.

In the first case, the authentication credentials consist either of a code for identifying the data processor associated with a password or an authentication device, both of which are reserved and known only to the same. The identification code cannot be assigned to more than one data processor, not even at different times, while the authentication credentials are deactivated in case of prolonged inactivity (at least six months) or in case of loss of the quality that allowed the data processor to access personal data.

In the second case, the authorization profiles must be identified and configured before starting the processing of personal data and it must be verified, at least annually, that the conditions for their retention exist.

EASYLIFE S.p.A., as the data controller, undertakes to equip itself with suitable electronic tools, updated at least semi-annually, designed to protect the collected personal data against the risk of intrusion and against the risk of spreading software aimed at damaging or interrupting the computer system. The programs aimed at preventing the vulnerability of electronic tools will be updated annually, while at least weekly technical instructions must be given to save the collected data. In cases where the Data Controller uses external personnel to its structure, a written declaration of the intervention carried out must always be issued to certify its compliance with the regulatory requirements.

9.2. Security measures for personal data

Pursuant to art. 32 of the European Regulation EU 2016/679, adequate security measures will be adopted to ensure the security of personal data, and in the event of a violation, this will be communicated to the national supervisory authority in the ways set out in art. 33 of the same European Regulation; moreover, in the cases provided for in the subsequent art. 34, the violation will be communicated to the data subject.

9.3. Defense in court

The User's Personal Data may be used for the defense by the Data Controller in court or in the stages leading to its possible establishment, from abuses in the use of the same or related services by the User.

9.4. Specific information

In addition to the information contained in this privacy policy, this Platform may provide the User with contextual information concerning specific services, or the collection and processing of Personal Data.

9.5. System logs and maintenance

For operational and maintenance needs, this Platform and any third-party services used by it may collect system logs, i.e., files that record interactions and may also contain Personal Data, such as the User's IP address.

9.6. Information not contained in this policy

More information in relation to the processing of Personal Data can be requested at any time from the Data Controller using the contact information.

9.7. Exercise of rights by Users

The subjects to whom the Personal Data refers have the right at any time to obtain confirmation of the existence or otherwise of the same with the Data Controller, to know their content and origin, to verify their accuracy or request their integration, deletion, updating, rectification, transformation into anonymous form, or blocking of Personal Data processed in violation of the law, as well as to oppose, in any case, for legitimate reasons, their processing. Requests should be addressed to the Data Controller. This Platform may not support "do not track" requests, that is, those that do not allow the User's traceability. To know if the possible third-party services used support them, consult their privacy policies.

9.8. Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page. Therefore, please consult this page frequently, taking as reference the date of the last modification indicated below. In the case of non-acceptance of the changes made to this privacy policy, the User is required to cease using this Application and may request the Data Controller to delete their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to Personal Data collected up to that time.

10. COOKIE POLICY

In compliance with the Provision no. 229 issued by the Italian Data Protection Authority on May 8, 2014, EASYLIFE S.p.A. provides the following information about cookies, their functions, and how to disable them if necessary.

POLICY ON THE USE OF COOKIES

Like many other web pages, the easylife.house Platform also uses cookies. In this section, we explain our cookie policy so you understand what we are talking about.

What is a cookie?

A cookie is a small file that is downloaded to a user's browser to store data that can be retrieved by the entity responsible for its installation. Cookies are essential for the functioning of the Internet and, furthermore, facilitate navigation.

What is a cookie for?

Cookies are used to store various types of information. There are many types of cookies, which can be classified based on the entity that manages them (own cookies or third-party cookies), the period of time they remain active (session cookies or persistent cookies), or based on the purpose (technical cookies, personalization cookies, analytical cookies, advertising cookies, or behavioral advertising cookies). For example, a cookie is one that allows you to remember a user's login data (if we store data on your computer, such as your preferences and settings, these, such as the language, can be automatically reset on your next visit without you having to set them again), obtain information about your browsing habits (to improve your experience), or present you with the most relevant advertising based on the information collected.

How can I revoke my consent and delete cookies?

What you can do is configure your browser to stop accepting cookies or notify you whenever you visit a website that uses them. Please note that if you revoke your consent, it is likely that there are sections or applications on the website that you will not be able to use.

Types of cookies used by easylife.house

• Performance improvement cookies
  
  
  
  • These types of cookies save your preferences for certain services or settings (such as language or currency) so you do not have to reconfigure them every time you visit our portal. In some cases, these changes can be made by third parties.
  
  
  
  


• Analytical cookies
  
  
  
  • These cookies allow us to count the number of visitors and analyze statistically the use of our Platform by users. This data can be processed by us or by third parties and thanks to them we can study navigation within our Platform and improve its appearance.
  
  
  
  


• Geolocation cookies
  
  
  
  • They are used to geographically locate the location of computers, smartphones, or tablets to offer the most appropriate content and services based on where they are located.
  
  
  
  


• Registration cookies
  
  
  
  • When you register on our Platform, cookies are generated that identify you as a registered user. They can be used to identify your user profile and associated services and remain saved if you do not log out, turn off the computer, or the device. These cookies can be used by combining analytical data to individually identify your preferences in our portal.
  
  
  
  


• Advertising cookies
  
  
  
  • They are those that allow managing effectively the promotional spaces of our Partners, in such a way as to adapt the content of the advertisement to the use you make of our website. They can be processed by us or by third parties, and thanks to them we can know your browsing habits on the Internet and show you the advertisements related to them.
  
  
  
  


• Other third-party cookies
  
  
  
  • easylife.house may also eventually install Partner cookies that allow managing and improving the services they offer.
  
  
  
  

EASYLIFE S.p.A., through its IT Platform at easylife.house, can use the types of cookies mentioned above for communications with profiling purposes and for direct marketing that will only take place with the consent to online profiling by the data subject (such consent is optional and is requested, along with others, when the user registers on the Platform).

If a user requests the deletion of cookies through their browser, our cookies will be effectively removed (it is not one of those cookies that resist the deletion request made through the browser). Therefore, we recommend all those interested who do not want our cookie to delete it simply by going to the privacy settings of their browsing browser and selecting the option to delete cookies.

The use of other persistent cookies and session cookies (which are not persistently stored on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the website.

The cookies used on this site avoid the use of other IT techniques potentially harmful to the confidentiality of users' navigation and do not allow the acquisition of personal identification data of the User.

EASYLIFE S.p.A., for its statistical purposes, may eventually use the Google Analytics service, a web analysis service provided by Google, Inc. ("Google"). Google Analytics uses cookies, which are text files that are stored on your computer to allow EASYLIFE S.p.A. to analyze how users use the Platform. The information generated by the cookies about your use of the Platform (including your IP address) will be transmitted and stored by Google on servers in the United States. Google will use this information for the purpose of tracking and examining access to the Platform and providing other services related to Internet use. Google may also transfer this information to third parties where required by law or where such third parties process the information on behalf of Google.

11. ADDITIONAL SERVICES USED

11.1 Stripe

We use Stripe to manage online payments. Stripe collects payment information necessary to complete the transaction. For more details on how Stripe handles your data, visit their privacy policy.

11.2 WhatsApp Business Chat widget

We use the WhatsApp Business chat widget to provide real-time customer support. WhatsApp may collect communication data. For more information, see their privacy policy.

11.3 Google Fonts

We use Google Fonts to ensure consistent font display. When you visit our site, your browser loads the necessary fonts from Google's servers, which may log your IP address. For more details, read the Google Fonts privacy policy.

11.4 Google Tag Manager

We use Google Tag Manager to manage the tags on our website. Google Tag Manager itself does not collect personal data, but it can activate other tags that may collect data. For more information, see Google's privacy policy.

11.5 Google Analytics 4

We use Google Analytics 4 to analyze website usage and collect statistical information. Google Analytics 4 uses cookies to collect data on visitor behavior. For more information, visit the Google Analytics privacy policy.