Privacy policy
PRIVACY POLICY – PERSONAL DATA PROCESSING
Pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR)
1. Data Controller
The Data Controller is:
LORAIN SRL
Via Industria, 1 – 23017 Morbegno (SO), Italy
VAT: 00499020147
Email liod@liod.it
2. Categories of Personal Data Processed
The Data Controller processes the following categories of personal data:
- Identification and contact data (name, surname, email, address, phone);
- Order and payment data;
- Website navigation and usage data;
- Images and multimedia content (UGC), with prior consent;
- Technical data (IP address, logs, timestamps).
3. Purposes of Processing and Legal Basis
| Purpose | Legal Basis |
|---|---|
| Order management and sales contracts | Art. 6.1.b GDPR |
| Shipping and logistics | Art. 6.1.b GDPR |
| Tax and accounting compliance | Art. 6.1.c GDPR |
| Customer support | Art. 6.1.b GDPR |
| Fraud prevention | Art. 6.1.f GDPR |
| Newsletter | Art. 6.1.a GDPR (consent) |
| Marketing via Google Ads | Art. 6.1.a GDPR (consent) |
| Use of UGC | Art. 6.1.a GDPR (consent) |
4. Newsletter and Promotional Communications
Promotional emails are sent only upon explicit consent via voluntary subscription to the newsletter on www.liod.it or in-store (paper version). Users may withdraw consent at any time using the link provided in every email.
5. Cookies and Tracking Tools
The website uses technical, analytics, and marketing cookies. The full details are available in the dedicated Cookie Policy. Non-essential cookies are installed only with prior consent via a compliant banner.
6. Transfer of Data Outside the EU
Data may be transferred to non-EU countries through: Shopify Inc., Google LLC, and social media platforms, including Meta Platforms, Inc. (Facebook and Instagram), in relation to communication, marketing, and the use of user-generated content (UGC). Transfers are based on Standard Contractual Clauses (SCC) approved by the European Commission and additional safeguards adopted by the providers. Transfers may be based on adequacy decisions or Standard Contractual Clauses (SCC).
7. Data Retention Period
| Category | Retention |
|---|---|
| Order/billing data | 10 years |
| Customer account data | Until deletion request |
| Newsletter | Until consent is withdrawn |
| Marketing data | Max 24 months |
| Technical logs | Max 12 months |
| UGC | Until consent is withdrawn |
8. Processing Methods and Security
Data processing is performed with IT tools protected by SSL encryption, authenticated access, and organizational and technical security measures. Payments are processed by certified providers according to PCI-DSS standards. Electronic payments are handled by certified third-party providers in compliance with EU Payment Services Directive 2015/2366 (PSD2), including Strong Customer Authentication (SCA) procedures.
9. Data Subject Rights
Users may exercise their rights under Articles 15–22 GDPR, including access, rectification, deletion, restriction, portability, objection, and withdrawal of consent. Requests may be submitted via the website chat.
10. Minors
Online sales services are reserved for users aged 18 or older. Minors under 18 may make purchases only through a parent or legal guardian.
11. Updates to the Privacy Policy
The Data Controller reserves the right to update this Privacy Policy. Changes will be communicated on the website.
COOKIE POLICY
This website uses cookies and similar technologies.
Types of Cookies Used
Technical Cookies (Necessary) – Ensure proper functioning of the site and do not require consent.
Analytics Cookies – Used for aggregated statistical analysis. Installed only with prior consent.
Marketing and Profiling Cookies – Used for Google Ads campaigns and remarketing. Installed only with explicit prior consent.
Managing Cookies
Users can accept or reject cookies via the banner, change preferences at any time, and manage cookies through the browser. Refusing non-essential cookies does not affect website navigation.
Last Updated: 07/02/2026