Skip to main content

Privacy Policy

Last updated: January 2026

1. Data Controller

The data controller for personal data is Valuxxo Italia S.r.l., registered in Italy.

Milan, Italy

2. Data We Collect

We collect the following types of personal data:

  • Identification data: first name, last name, email address
  • Contact data: phone number, shipping address
  • Browsing data: IP address, browser, pages visited
  • Purchase data: order history, product preferences
  • Profile data: skin type, skincare routine (if voluntarily provided)

3. Purposes of Processing

Your personal data is processed for the following purposes:

  • Order and shipping management
  • User account creation and management
  • Customer service and after-sales support
  • Sending commercial communications (subject to consent)
  • Personalisation of the browsing experience
  • Anonymous statistical analysis to improve our services
  • Fulfilment of legal and tax obligations

4. Legal Basis

The processing of data is based on:

  • Contractual performance: for the management of orders
  • Consent: for sending newsletters and marketing communications
  • Legitimate interest: to improve our services
  • Legal obligation: for tax and accounting compliance

5. Data Retention

Personal data is retained for the time necessary to achieve the purposes for which it was collected:

  • Purchase data: 10 years (tax obligations)
  • Account data: until account deletion
  • Marketing data: until consent is withdrawn
  • Browsing data: 26 months

6. Data Sharing

Your data may be shared with:

  • Couriers for order delivery
  • Payment service providers (Stripe)
  • IT and hosting service providers
  • Legal and tax advisors

We do not sell or transfer your personal data to third parties for marketing purposes.

7. Your Rights (GDPR)

As a data subject, you have the right to:

Access

Obtain confirmation of processing and a copy of your data

Rectification

Correct inaccurate or incomplete data

Erasure

Request the deletion of your data

Restriction

Restrict processing in certain circumstances

Portability

Receive your data in a structured format

Objection

Object to processing for marketing purposes

To exercise your rights, contact us at [email protected]

8. Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss or destruction, including:

  • SSL/TLS encryption for all communications
  • Restricted access to personal data
  • Continuous security monitoring
  • Regular data backups

9. Cookies

We use cookies and similar technologies. For more information, please read our Cookie Policy.

10. Complaints

You have the right to lodge a complaint with the relevant data protection authority if you believe that the processing of your data violates GDPR.

Information Commissioner's Office (ICO) / relevant national authority

ec.europa.eu/info/law/law-topic/data-protection

11. Changes

We reserve the right to amend this Privacy Policy. Any changes will be published on this page with the updated date indicated.