This privacy policy describes how we process the personal data of users who visit and purchase on the Lorea website, in accordance with EU Regulation 2016/679 (GDPR) and applicable national data protection laws.
1. Data controller
The data controller is Lorea, 1 Innovation Street, 20121 Milan, Italy — VAT IT01234567890 — email: privacy@lorea.example.
2. Data we process
- Identity and contact details (first name, last name, email, phone).
- Shipping and billing data (address, tax details).
- Payment data, handled through PCI-DSS certified providers.
- Browsing data and technical and analytics cookies.
3. Purposes and legal bases
- Performance of the sales contract (Art. 6.1.b GDPR).
- Compliance with tax and legal obligations (Art. 6.1.c GDPR).
- Marketing, subject to your consent (Art. 6.1.a GDPR).
- Legitimate interest for security and fraud prevention (Art. 6.1.f).
4. Data retention
Data is kept for the time necessary to fulfil the stated purposes and, for tax obligations, for 10 years as required by applicable law.
5. Your rights
You may exercise your rights of access, rectification, erasure, restriction, portability and objection (Art. 15-22 GDPR) at any time by writing to privacy@lorea.example. You also have the right to lodge a complaint with your local data protection authority.
This document is for information purposes within a demo project. For a production site, always have legal texts reviewed by a professional to ensure compliance.