PRIVACY AND COOKIE POLICY

EUROCOMITALIA S.R.L.

Last updated: February 20, 2026
Version: 2.0

This privacy and cookie policy describes the personal data collected or generated when you interact with EUROCOMITALIA S.R.L. through our websites, mobile applications, events, stores or any other service offered (collectively "Platform").

We invite you to read this document carefully.

INDEX

1. DATA CONTROLLER

EUROCOMITALIA S.R.L.
Via Sicilia snc, 04018 Sezze (Latina), Italy
VAT: IT01716510597
Email: privacy@eurocomitalia.it

2. PERSONAL DATA COLLECTED

2.1 Data provided directly

When you create an account, make purchases, subscribe to the newsletter or contact support, we collect:

Identifiers: name, surname, date of birth
Contact details: email, phone, shipping/billing address
Credentials: username, password (encrypted)
Tax data: tax code, VAT number (for invoicing)
Commercial: order history, purchase preferences
Payment: managed by PCI-DSS certified providers (we don't store complete card data)

2.2 Data collected automatically

During browsing we collect through cookies:

IP address, device identifier
Browser, operating system, language
Pages visited, time spent, clicks
Referral/destination URL
Geolocation (country from IP; GPS only with consent)

2.3 Data from third parties

We may receive data when:

You use social login (Google, Facebook)
You interact with our content on social networks

3. COOKIES AND TRACKING TECHNOLOGIES

3.1 What they are

Cookies are text files that store information on your device to improve browsing.

We also use: web beacons, pixel tags, local storage, session storage.

3.2 Types used

🔵 TECHNICAL COOKIES (always active - no consent required)

Purposes:

Authentication and session management
Shopping cart
Language and preferences
Security and anti-fraud

Cookies used:

PHPSESSID - User session
cart_token - Cart (30 days)
language - Language (1 year)
cookie_consent - Cookie preferences (1 year)
csrf_token - Security

Legal basis: Legitimate interest (art. 6.1.f GDPR)

🟢 PERFORMANCE AND ANALYTICS COOKIES (require consent)

Purposes:

Traffic and user behavior analysis
Statistics on visited pages
Performance improvement
A/B testing

Third-party services:

Google Analytics 4 (GA4)

Provider: Google Ireland Limited, Dublin, Ireland
Function: Web analytics with anonymized IP
Cookies: _ga (2 years), _gid (24 hours), _ga_* (2 years)
Privacy: https://policies.google.com/privacy
Opt-out: https://tools.google.com/dlpage/gaoptout
Transfer: USA via EU-US Data Privacy Framework

Microsoft Clarity

Provider: Microsoft Corporation, Redmond, WA, USA
Function: Heat maps, session recording (masked data)
Cookies: _clck (1 year), _clsk (1 day), CLID (1 year)
Privacy: https://privacy.microsoft.com/privacystatement
Transfer: USA via EU-US Data Privacy Framework
Note: Sensitive data (email, passwords, cards) automatically masked

Legal basis: Consent (art. 6.1.a GDPR)

🟡 FUNCTIONALITY COOKIES - MAPS (require consent)

Google Maps

Provider: Google Ireland Limited, Dublin, Ireland
Function: Map display, store localization
Cookies: NID (6 months), CONSENT, session cookies
Privacy: https://policies.google.com/privacy
Transfer: USA via EU-US Data Privacy Framework

Legal basis: Consent (art. 6.1.a GDPR)

🔴 MARKETING COOKIES (require consent)

Current status: No marketing/advertising services active

If activated in the future, we will request new explicit consent.

3.3 Cookie summary table

Cookie	Type	Provider	Purpose	Duration	Consent
PHPSESSID	Technical	Eurocomitalia	Session	Session	❌ No
cart_token	Technical	Eurocomitalia	Cart	30d	❌ No
language	Technical	Eurocomitalia	Language	1 year	❌ No
cookie_consent	Technical	Eurocomitalia	Preferences	1 year	❌ No
_ga	Analytics	Google	Analytics	2 years	✅ Yes
_gid	Analytics	Google	Analytics	24h	✅ Yes
_clck	Analytics	Microsoft	Clarity	1 year	✅ Yes
_clsk	Analytics	Microsoft	Clarity	1d	✅ Yes
NID	Maps	Google	Maps	6 months	✅ Yes

4. PURPOSES AND LEGAL BASIS

4.1 🔹 Contract performance (art. 6.1.b GDPR)

Purposes:

Order and shipping management
Service delivery
Account management
Payment processing
Customer support
Returns and refunds

Refusal consequence: We cannot provide services.

4.2 🔹 Consent (art. 6.1.a GDPR)

Purposes:

Newsletter and promotional communications
EUROCOMITALIA direct marketing
Profiling for personalized offers
Analytics/marketing cookies
GPS geolocation
Data sharing with commercial partners

How to express:

Pre-deselected checkboxes
Cookie banner with granular choices
Specific authorizations (notifications, GPS)

Withdrawal:

"Unsubscribe" link in emails
Account settings
Cookie settings
Email to privacy@eurocomitalia.it

4.3 🔹 Legitimate interest (art. 6.1.f GDPR)

Purposes:

Platform improvement
Fraud prevention
IT security
Aggregate statistical analysis
Complaint management
Legal defense
Soft-spam direct marketing (similar products already purchased)

Opposition: Contact privacy@eurocomitalia.it

4.4 🔹 Legal obligation (art. 6.1.c GDPR)

Purposes:

Tax/accounting compliance (10 years)
Electronic invoicing
Anti-money laundering
Responses to Authorities

Refusal consequence: We cannot fulfill legal obligations.

5. MINORS

⚠️ Minimum age: 14 years

Services are NOT intended for minors under 14 years.

If you are under 14 years old, you cannot register or use services without explicit and verifiable consent from parents/guardians.

Parents/Guardians: If you discover that a minor under 14 has provided data without authorization, contact us at privacy@eurocomitalia.it - we will immediately delete the data.

6. DATA SHARING

6.1 With whom we share

A) Group companies

Controlled/controlling for administrative purposes

B) Data processors (art. 28 GDPR)

Hosting/cloud
Email providers
Payment services (PCI-DSS)
Couriers/shippers
Marketing/CRM
Analytics (Google, Microsoft)
Customer support
Consultants (accountants, lawyers, IT)

All bound by contracts with security and confidentiality obligations.

C) Commercial partners (only with consent)

Process data as independent Controllers for their marketing

D) Public authorities

When required by law or rights protection

6.2 ❌ We don't sell data

EUROCOMITALIA DOES NOT sell or transfer data to third parties for commercial purposes (except with explicit consent).

7. INTERNATIONAL TRANSFERS

7.1 Extra-EU transfers

Some providers (Google, Microsoft) may transfer data outside EU, including USA.

7.2 Safeguards

United States:

EU-US Data Privacy Framework (Google and Microsoft adherents)
Standard contractual clauses approved by EU Commission
Transfer impact assessments (TIA)

Other countries:

EU Commission adequacy decisions
Standard contractual clauses (SCC)

More info: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en

8. DATA RETENTION

We retain data for the time necessary for the purposes:

Type	Retention period
User account	Until deletion + 1 year
Orders and invoices	10 years (tax obligation)
Newsletter	Until consent withdrawal
Analytics cookies	26 months (GA4), 12 months (Clarity)
System logs	12 months (security)
Complaints/disputes	Until resolution + limitation periods
Job applications	24 months

After the terms, data is deleted or anonymized.

9. SECURITY

We adopt adequate technical and organizational measures:

Technical:

SSL/TLS encryption for transmissions
Encryption of sensitive data at rest
Firewalls and intrusion prevention systems
Regular encrypted backups
Continuous security updates
Access monitoring

Organizational:

Role-based access controls
Staff training
Internal security policies
Periodic audits
Data breach procedures

In case of data breach, we will notify the Privacy Authority and data subjects within legal terms (72h).

10. YOUR RIGHTS

Under GDPR (arts. 15-22) you have the right to:

📌 Access (art. 15)

Obtain confirmation of processing and copy of data

✏️ Rectification (art. 16)

Correct inaccurate or incomplete data

🗑️ Erasure (art. 17 - "right to be forgotten")

Obtain deletion when:

Data no longer necessary
Consent withdrawn
Opposition to processing
Unlawful processing

🔒 Restriction (art. 18)

Restrict processing in case of:

Accuracy contestation
Unlawful processing
Opposition pending verification

📤 Portability (art. 20)

Receive data in structured format and transmit to another controller

🚫 Opposition (art. 21)

Object to processing based on legitimate interest or direct marketing

🤖 No automated profiling (art. 22)

Not be subject to automated decisions with significant effects

❌ Consent withdrawal

Withdraw consent at any time (without prejudice to lawfulness of previous processing)

How to exercise rights

Email: privacy@eurocomitalia.it

Indicating:

Name, surname, registered email
Right you wish to exercise
Copy of ID document (for verification)

Response time: Maximum 1 month (extendable 2 months for complexity)

Complaint to Privacy Authority

You have the right to lodge a complaint with:

Italian Data Protection Authority (Garante)
Piazza Venezia n. 11, 00187 Rome, Italy
Tel: +39 06.696771
Fax: +39 06.69677.3785
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it
Web: https://www.garanteprivacy.it

11. COOKIE PREFERENCES MANAGEMENT

11.1 Cookie Banner

On first access, we show a cookie banner that allows you to:

✅ Accept all cookies
⚙️ Customize preferences (choose categories)
❌ Reject non-technical cookies

Technical cookies (strictly necessary) are always active.

11.2 Change preferences

You can change cookie preferences at any time through:

"Cookie Management" link in site footer
Browser settings

11.3 Browser Settings

Instructions to block cookies in main browsers:

Chrome: Settings > Privacy and security > Cookies
https://support.google.com/chrome/answer/95647

Firefox: Settings > Privacy and security > Cookies and site data
https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

Safari: Preferences > Privacy > Cookies
https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac

Edge: Settings > Cookies and site permissions
https://support.microsoft.com/en-us/microsoft-edge

Opera: Settings > Privacy and security > Cookies
https://help.opera.com/en/latest/web-preferences/#cookies

⚠️ Warning: Disabling all cookies may compromise site functionality (e.g. login, cart).

12. CHANGES

We may update this policy periodically for:

Regulatory compliance
New features
Security best practices

Substantial changes: We will inform you through:

Site banner
Email (if registered)

Last update date: Always indicated at the top of the document

We invite you to consult this page periodically.

13. CONTACT

For any questions about privacy, cookies or exercise of rights:

EUROCOMITALIA S.R.L.
Via Sicilia snc
04018 Sezze (Latina), Italy

Privacy Email: privacy@eurocomitalia.it
VAT: IT01716510597

Response time: Mon-Fri 9:00-18:00
Reply within: 30 days

QUICK SUMMARY

What	Detail
Controller	EUROCOMITALIA S.R.L., Sezze (LT), Italy
Privacy contact	privacy@eurocomitalia.it
Minimum age	14 years
Data collected	Identifiers, contacts, orders, browsing
Technical cookies	Always active (session, cart, language)
Analytics cookies	Google Analytics, Microsoft Clarity (with consent)
Marketing cookies	None currently active
US transfers	Via Data Privacy Framework
Retention	1 to 10 years depending on purpose
Your rights	Access, rectification, erasure, portability, opposition
Complaint	Privacy Authority www.garanteprivacy.it

✅ Policy compliant with:

EU Regulation 2016/679 (GDPR)
Italian Legislative Decree 196/2003 (Privacy Code)
Privacy Authority Provision no. 229/2021 (Cookie guidelines)
ePrivacy Directive 2002/58/EC