Privacy policy

PRIVACY POLICY – PERSONAL DATA PROCESSING

Pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR)

1. Data Controller

The Data Controller is:
LORAIN SRL
Via Industria, 1 – 23017 Morbegno (SO), Italy
VAT: 00499020147
Email liod@liod.it

2. Categories of Personal Data Processed

The Data Controller processes the following categories of personal data:

  • Identification and contact data (name, surname, email, address, phone);
  • Order and payment data;
  • Website navigation and usage data;
  • Images and multimedia content (UGC), with prior consent;
  • Technical data (IP address, logs, timestamps).

3. Purposes of Processing and Legal Basis

Purpose Legal Basis
Order management and sales contracts Art. 6.1.b GDPR
Shipping and logistics Art. 6.1.b GDPR
Tax and accounting compliance Art. 6.1.c GDPR
Customer support Art. 6.1.b GDPR
Fraud prevention Art. 6.1.f GDPR
Newsletter Art. 6.1.a GDPR (consent)
Marketing via Google Ads Art. 6.1.a GDPR (consent)
Use of UGC Art. 6.1.a GDPR (consent)

4. Newsletter and Promotional Communications

Promotional emails are sent only upon explicit consent via voluntary subscription to the newsletter on www.liod.it or in-store (paper version). Users may withdraw consent at any time using the link provided in every email.

5. Cookies and Tracking Tools

The website uses technical, analytics, and marketing cookies. The full details are available in the dedicated Cookie Policy. Non-essential cookies are installed only with prior consent via a compliant banner.

6. Transfer of Data Outside the EU

Data may be transferred to non-EU countries through: Shopify Inc., Google LLC, and social media platforms, including Meta Platforms, Inc. (Facebook and Instagram), in relation to communication, marketing, and the use of user-generated content (UGC). Transfers are based on Standard Contractual Clauses (SCC) approved by the European Commission and additional safeguards adopted by the providers. Transfers may be based on adequacy decisions or Standard Contractual Clauses (SCC).

7. Data Retention Period

Category Retention
Order/billing data 10 years
Customer account data Until deletion request
Newsletter Until consent is withdrawn
Marketing data Max 24 months
Technical logs Max 12 months
UGC Until consent is withdrawn

8. Processing Methods and Security

Data processing is performed with IT tools protected by SSL encryption, authenticated access, and organizational and technical security measures. Payments are processed by certified providers according to PCI-DSS standards. Electronic payments are handled by certified third-party providers in compliance with EU Payment Services Directive 2015/2366 (PSD2), including Strong Customer Authentication (SCA) procedures.

9. Data Subject Rights

Users may exercise their rights under Articles 15–22 GDPR, including access, rectification, deletion, restriction, portability, objection, and withdrawal of consent. Requests may be submitted via the website chat.

10. Minors

Online sales services are reserved for users aged 18 or older. Minors under 18 may make purchases only through a parent or legal guardian.

11. Updates to the Privacy Policy

The Data Controller reserves the right to update this Privacy Policy. Changes will be communicated on the website.

COOKIE POLICY

This website uses cookies and similar technologies.

Types of Cookies Used

Technical Cookies (Necessary) – Ensure proper functioning of the site and do not require consent.
Analytics Cookies – Used for aggregated statistical analysis. Installed only with prior consent.
Marketing and Profiling Cookies – Used for Google Ads campaigns and remarketing. Installed only with explicit prior consent.

Managing Cookies

Users can accept or reject cookies via the banner, change preferences at any time, and manage cookies through the browser. Refusing non-essential cookies does not affect website navigation.

Last Updated: 07/02/2026