INFORMATION ON THE PROCESSING OF PERSONAL DATA OF USERS OF THE ELIXI WEB STORE
Dear Customer,
At Elixi, we take your privacy seriously and are committed to being transparent about how we handle your personal information. In line with relevant regulations, we want to make sure you understand why, how, and under what conditions your data is collected, used, stored, and protected. We respect the privacy of everyone who interacts with our platform and are dedicated to providing clear information about our privacy practices and policies.
This information is provided exclusively for the https://www.elixi-int.store/ website and includes the mandatory content in accordance with the Swiss Federal Data Protection Act (nLPD) and the European Regulation 2016/679/EU.
About us
ELIXI International SA operates in the European and international markets in conjunction with its subsidiaries. With respect to the processing carried out in the course of browsing, it plays the role of Data Controller. In order to meet your requests, some of your personal data may be transferred to our foreign subsidiaries. The transfer of your data is carried out with due guarantees and the exercise of your rights is guaranteed.
You can contact us at the following addresses:
Tel: +41 (0)91 6822040
e-mail: info@elixi-int.com
Address: Vicolo Oldelli 12, 6830 Chiasso (TI)
You may also contact our DPO at: dpo@elixi-int.com
Why do we acquire data?
Managing subscription & Shipping purposes
| When and which | For what reason | Under what conditions |
|---|---|---|
| During the account registration process and for management purposes, we collect: your name, last name, email, billing address, and shipping address. Additionally, you may want to provide your mobile number or any other information useful for shipping – not mandatory to access the service | Allow users to access the shop, track their orders (including order history), manage deliveries, and make requests. This also helps us handle deliveries and orders efficiently and meet legal, administrative and tax obligations. | These processing activities are aimed at selling products through digital platforms, following specific regulations, and facilitating a contract between the parties. No consent from the user is required. |
How we manage them
Our entire online environment is hosted on a European data center infrastructure, which is kept up-to-date and staffed to prevent the loss, compromise, or unauthorized disclosure of your personal data. Designed and built to ensure security at all levels and maximum service continuity, it is ISO 27001 certified.
To use your personal data securely and in a controlled manner, we employ secure development environments (WordPress) and secure sharing methods (HTTPS and API) between the applications we use. Under no circumstances do we use automated decision-making processes. We also control data retention times to ensure data is not kept longer than necessary.
Payment information is maintained in physically separate environments and managed by qualified entities in compliance with digital transaction regulations.
Payment managing purpose
| When and which | For what reason | Under what conditions |
|---|---|---|
| Payments on our site are processed by a third-party service to ensure secure and efficient handling of your transactions. You’ll be required to provide payment account information (e.g. PayPal) and/or information regarding your payment method, including Card ID, expiration date and CVV | To collect payments as per the “Terms and conditions” while ensuring we comply with regulations that keep Europe’s financial sector resilient during major disruptions. We also prioritize IT security for financial entities (like banks, insurance companies, and investment firms) and their ICT service providers, in order to prevent financial and computer fraud. | This is done in accordance with the contract between the parties and legal obligations, for a public and legitimate interest |
How we manage them
Payment information is maintained in physically separate environments and managed in compliance with digital transaction regulations. We use secure development environments (WordPress) and secure sharing methods (HTTPS and API) between the applications we use. All information in transit is encrypted to protect your data. Under no circumstances do we use automated decision-making processes. We also control data retention times to ensure data is not kept longer than necessary, with strict measures in place to oversee these periods.
The payment gateway encrypts sensitive payment data and forwards it to the bank for authorization. At this stage, the customer may be redirected to an external page of the payment processor for additional transaction verification or remain on the eCommerce page, depending on the specific features of the gateway.
Once authorization is obtained, the payment gateway notifies both the merchant and the customer of the successful payment. Finally, the payment gateway transfers the funds from the consumer’s account to the merchant, and the customer is redirected back to the eCommerce site where they receive further confirmation, including information about the shipment of the purchased products.
To allow browsing and to consent to customized navigation choices
| When and which | For what reason | Under what conditions |
|---|---|---|
| While browsing the Internet: data and metadata generated or transmitted by browsing protocols. In some cases, data relating to social accounts | To obtain anonymous statistical information on the use of the site and to monitor its proper functioning | Legitimate interest of the company in assisting and enhancing the user experience by overseeing functionality and security levels. |
| | Monitor the operation of the website, also for the purpose of maintaining and monitoring security levels | |
| | Check the progress of campaigns, user interactions with our social media, and the settings of the devices used to connect to our site | In relation to consent given in connection with direct and/or third-party tracking systems. Preferences are always modifiable |
| | Allow integration with social platforms linked to the site (Maps, LinkedIn, etc.) | Acceptance of third-party cookies required when accessing the site |
How we manage them
The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data concerning you, the transmission of which is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
Further details in relation to the tools used and the way they work are listed under ‘Cookies’.
This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This data is used for the sole purpose of facilitating the management of the site and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site: except for this possibility, at present, the data collected is not retained beyond what is indicated in the relevant cookie policy.
Processing data subject’s requests
| When and which | For what reason | Under what conditions |
|---|---|---|
| When interacting with our contact form or keeping in contact with our customer support: username, first name, last name, e-mail, date and time of registration/access. When you make requests regarding your rights: all the information necessary to verify the legitimacy of the request and/or all the details included in the request. | To fulfil the requests received | In order to make Customer Service accessible to the customers |
How we manage them
The entire online environment is hosted on a European data center infrastructure that is kept up-to-date and manned to prevent the loss, compromise or unauthorized disclosure of your personal data.
In order to be able to use your personal data in a secure and controlled manner, we use secure development environments (WordPress) and secure sharing modes (HTTPS and API) between the applications we use, and under no circumstances do we use automated decision-making processes. We control data retention times in order not to keep the data longer than necessary.
How long do we keep them
The retention periods are determined according to the purposes for which they were acquired and in particular:
- Managing subscription & Shipping purposes: Your data will be stored on our website for as long as you remain registered on the platform and for 6 months thereafter. If you make any purchases, your data will be retained for ten years following the issuance of accounting and/or tax documents.
- Browsing data, including statistical or anonymised data, will be stored for the time period indicated in the cookie policy.
- Data voluntarily provided by the User on the occasion of direct contact with our customer services will be stored until we fulfill your request.
Further retention periods may be determined due to additional needs determined by regulatory burdens, for needs related to the fight against fraud, including computer fraud, for defensive needs in the event of litigation.
Where we store them
Data acquired through the site are stored in secure digital archives in Switzerland; no transfer outside the country is envisaged.
How we protect them
- We use personnel trained and qualified in the secure handling of your information;
- We adopt tools that allow you to change your choices in relation to the use of your personal data, if any;
- All our systems include measures to prevent unauthorised access and loss of information integrity, among others:
- We provide for selection criteria, in the choice of suppliers and external collaborators, based on compliance with adequate safety levels.
- We control access to our systems and applications with the use of strong authentication systems and the profiling of user access levels to the systems.
- We test the effectiveness of our technical and organisational measures over time.
- Information is browsed, exchanged and transmitted using systems that preserve the confidentiality of personal data (encryption of information in transit and at rest).
- Our systems are guarded in order to prevent compromise, loss or unforeseen use of our online systems.
With whom we share them
Your personal data may be communicated to:
- Internal staff within our organisation,
- Our trusted collaborators, particularly in relation to the handling of requests received from the contact form
- In-house personnel of our selected suppliers, chosen with regard to security guarantees and responsibility in processing
- Third parties
Uncontrolled disclosure of your information is not envisaged. The methods of communication are supervised.
How can you protect your rights
It will always be possible to exercise rights such as access to personal data, their rectification or deletion, restriction of their processing or opposition to their processing, without formalities, by contacting our official contact channels or writing to:
e-mail: info@elixi-int.com
e-mail: dpo@elixi-int.com
We will reply to your request as soon as possible and in any case no later than 30 days from the request. This deadline may be extended in the event of particular complexity and number of requests.
Rights of Complaint
In the event of non-compliance with the request or if you consider that your data is being processed in a manner contrary to applicable law, you may always lodge a complaint with the competent Control Authority:
Notification of data protection breaches for third parties (admin.ch)