GDPR

1. Legal Basis

This data protection policy is drawn up in accordance with Regulation (EU) 2016/679 (GDPR) and current legislation on data protection in Italy.

It regulates how personal data processed through the website is collected, processed, stored and protected.

Data processing takes place in compliance with the principles of lawfulness, fairness, transparency, purpose limitation and data minimisation.

2. Data Controller

The data controller for personal data is the store's management unit, responsible for the technical and organisational administration of the information provided by users when using the digital services offered through the website.

Data processing takes place exclusively for purposes related to order management, communication with users and the proper functioning of the services.

3. Types of Data Collected

The following categories of personal data may be collected when using the website:

Contact details: email address, telephone number (optional), shipping or billing address
Order and transaction data: products purchased, amounts, payment method used
Technical and usage data: IP address, browser type, date and time of access, preferences, cookies

Data may be provided directly by the user or collected through technical tools necessary for the correct functioning of the website.

4. Purposes and Legal Bases of Processing

Personal data is processed for the following purposes:

execution of purchase contracts and order management
fulfilment of legal and administrative obligations
protection of the legitimate interests of store management, including service improvement and prevention of improper use
ensuring the security and proper technical functioning of the website

Processing is based on contract performance, legal obligations, legitimate interests or the user's explicit consent.

The user may revoke any consent given at any time, without prejudice to the lawfulness of processing carried out prior to revocation.

5. Data Retention and Security

Personal data is retained only for the time necessary to achieve the purposes indicated above.

For administrative and legal reasons, order data may be retained for up to 10 years.
Data processed on the basis of consent is retained until consent is revoked.

Appropriate technical and organisational measures are adopted to prevent unauthorised access, loss, disclosure or alteration of data.

Information is stored on secure servers using security protocols and SSL encryption systems.

6. User Rights

Pursuant to Articles 15 to 22 of the GDPR, the user has the right to:

· obtain information about processed personal data

· request the rectification or updating of data

· request the erasure of data

· obtain restriction of processing

· request data portability

· object to processing for legitimate reasons

· withdraw consent at any time

· lodge a complaint with the competent supervisory authority in Italy

Requests relating to the exercise of these rights can be sent by email to customer service.

7. Policy Update

This data protection policy may be updated periodically to reflect regulatory changes or technical adjustments.

Changes come into effect upon their publication on the website. Users are advised to consult this policy regularly.

8. Contacts

For any questions regarding this data protection policy, please contact us via:

Store Name:Lisa Frigerio
Tel:+39 335 156 3257
E-mail: info@lisafrigerio.it
Address:Viale Abruzzi, 13, 20131 Milano (MI), Italia
Service hours: Monday to Friday, from 9:00 to 16:00 (CET)