Legal

Privacy Policy

How we collect, use, and protect your personal data — straightforward, GDPR-aligned, no surprises.

Last updated · 13 May 2026

Who we are

LIETA Milano (“LIETA”, “we”, “us”) is the data controller for personal data processed through lietamilano.com. You can reach us at [email protected].

What we collect

We collect only what we need to serve you well:

Account & order data — name, email, shipping and billing address, order history.
Newsletter — email address (only if you subscribe).
Customer-care correspondence — messages you send us and our replies.
Browsing data — pages visited, device type, approximate location (city-level). Used to improve the site and prevent fraud.
Cookies — see our Cookie Policy.

Why we use it

To fulfil orders, manage returns, and provide customer support.
To send the LIETA newsletter (only if you opted in — you can unsubscribe anytime).
To improve the site, prevent fraud, and meet legal obligations.
We do not sell your data, ever. We do not use it for third-party advertising.

Who we share it with

Only the partners required to deliver your order or run the business:

Payment processors — Stripe / Shopify Payments (for purchases).
Shipping carriers — to deliver your order (name + address only).
Hosting — Vercel, Cloudflare, Railway (where the site runs).
Email service — for transactional emails and the newsletter.

Each is a processor bound by GDPR-compliant contracts.

How long we keep it

Order records: 10 years (tax law). Newsletter subscriptions: until you unsubscribe. Browsing logs: 30 days. Customer-care emails: 3 years.

Your rights (GDPR)

You have the right to:

Access the personal data we hold about you.
Correct it if it is wrong.
Delete it (the “right to be forgotten”), unless we are legally required to keep it (e.g., order records).
Restrict or object to its processing.
Take it with you (data portability).
Lodge a complaint with your local data-protection authority.

To exercise any of these, email [email protected]. We respond within 30 days.

International transfers

Your data is stored within the EU/EEA. Some of our processors (e.g., Stripe, Cloudflare) may transfer data outside the EU under Standard Contractual Clauses or equivalent safeguards.

Changes to this policy

We'll update this page when our practices change. If the change is material, we'll email subscribers and post a notice on the site.

What we collect

We collect only what we need to serve you well:

Account & order data — name, email, shipping and billing address, order history.

Newsletter — email address (only if you subscribe).

Customer-care correspondence — messages you send us and our replies.

Browsing data — pages visited, device type, approximate location (city-level). Used to improve the site and prevent fraud.

Cookies — see our Cookie Policy.

Who we share it with

Only the partners required to deliver your order or run the business:

Payment processors — Stripe / Shopify Payments (for purchases).

Shipping carriers — to deliver your order (name + address only).

Hosting — Vercel, Cloudflare, Railway (where the site runs).

Email service — for transactional emails and the newsletter.

Each is a processor bound by GDPR-compliant contracts.

Your rights (GDPR)

You have the right to:

Access the personal data we hold about you.

Correct it if it is wrong.

Delete it (the “right to be forgotten”), unless we are legally required to keep it (e.g., order records).

Restrict or object to its processing.

Take it with you (data portability).

Lodge a complaint with your local data-protection authority.

To exercise any of these, email [email protected]. We respond within 30 days.