Privacy Policy
Last updated: January 2026
1. Data Controller
The data controller for personal data is Valuxxo Italia S.r.l., registered in Italy.
2. Data We Collect
We collect the following types of personal data:
- Identification data: first name, last name, email address
- Contact data: phone number, shipping address
- Browsing data: IP address, browser, pages visited
- Purchase data: order history, product preferences
- Profile data: skin type, skincare routine (if voluntarily provided)
3. Purposes of Processing
Your personal data is processed for the following purposes:
- Order and shipping management
- User account creation and management
- Customer service and after-sales support
- Sending commercial communications (subject to consent)
- Personalisation of the browsing experience
- Anonymous statistical analysis to improve our services
- Fulfilment of legal and tax obligations
4. Legal Basis
The processing of data is based on:
- Contractual performance: for the management of orders
- Consent: for sending newsletters and marketing communications
- Legitimate interest: to improve our services
- Legal obligation: for tax and accounting compliance
5. Data Retention
Personal data is retained for the time necessary to achieve the purposes for which it was collected:
- Purchase data: 10 years (tax obligations)
- Account data: until account deletion
- Marketing data: until consent is withdrawn
- Browsing data: 26 months
6. Data Sharing
Your data may be shared with:
- Couriers for order delivery
- Payment service providers (Stripe)
- IT and hosting service providers
- Legal and tax advisors
We do not sell or transfer your personal data to third parties for marketing purposes.
7. Your Rights (GDPR)
As a data subject, you have the right to:
Access
Obtain confirmation of processing and a copy of your data
Rectification
Correct inaccurate or incomplete data
Erasure
Request the deletion of your data
Restriction
Restrict processing in certain circumstances
Portability
Receive your data in a structured format
Objection
Object to processing for marketing purposes
To exercise your rights, contact us at [email protected]
8. Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss or destruction, including:
- SSL/TLS encryption for all communications
- Restricted access to personal data
- Continuous security monitoring
- Regular data backups
9. Cookies
We use cookies and similar technologies. For more information, please read our Cookie Policy.
10. Complaints
You have the right to lodge a complaint with the relevant data protection authority if you believe that the processing of your data violates GDPR.
Information Commissioner's Office (ICO) / relevant national authority
ec.europa.eu/info/law/law-topic/data-protection
11. Changes
We reserve the right to amend this Privacy Policy. Any changes will be published on this page with the updated date indicated.
