Privacy Policy

Pursuant to Article 13 of EU Regulation 2016/679 (GDPR)

1. Data Controller

The Data Controller for personal data collected through this website is:

FLAVIA LEONARDI
trading as LIMARA
Registered address: VIA FILIPPO TURATI 48G, Luino, VA, 21016
VAT / Tax ID: IT04140690126
Email: info@limaraskincare.com
Website: https://limaraskincare.com

For any question regarding the processing of your personal data, please contact the Data Controller at the email address above.

2. Types of Data Collected

We collect the following categories of personal data:

a) Data provided directly by you:

  • Personal details (first name, last name)
  • Contact information (email address, phone number if provided)
  • Shipping and billing information (address, city, ZIP code, country)
  • Account credentials (email address, encrypted password)
  • Messages sent through the contact form

b) Data collected automatically:

  • Browsing data (IP address, browser type, operating system, pages visited, access time)
  • Cookies and tracking technologies (see Section 7)

3. Purposes and Legal Basis for Processing

Purpose | Legal basis (Art. 6 GDPR)
Processing and managing purchase orders | Performance of a contract (Art. 6.1.b)
Managing shipping and order tracking | Performance of a contract (Art. 6.1.b)
Handling returns and right of withdrawal | Legal obligation (Art. 6.1.c)
Customer support and responding to enquiries | Performance of a contract / Legitimate interest (Art. 6.1.b and 6.1.f)
Tax and accounting obligations | Legal obligation (Art. 6.1.c)
Sending newsletters and commercial communications | Consent of the data subject (Art. 6.1.a)
Statistical traffic analysis (Google Analytics) | Consent of the data subject (Art. 6.1.a)
Personalised advertising (Meta Pixel) | Consent of the data subject (Art. 6.1.a)
Fraud prevention and website security | Legitimate interest (Art. 6.1.f)

4. Data Processors and Recipients

Your personal data may be shared, to the extent strictly necessary, with the following categories of recipients acting as data processors pursuant to Art. 28 GDPR:

  • Shopify International Limited — e-commerce platform (Ireland). Shopify Privacy Policy
  • PayPal (Europe) S.à r.l. — payment processor (Luxembourg). PayPal Privacy Policy
  • Google LLC — Google Analytics for traffic analysis (USA — data transfers protected by Standard Contractual Clauses). Google Privacy Policy
  • Meta Platforms Ireland Limited — Meta Pixel for advertising (Ireland). Meta Privacy Policy
  • Shopify Email — newsletter delivery (included in the Shopify service)
  • Couriers and shipping carriers — for order delivery (e.g. GLS, DHL, national postal services)
  • Accountant / accounting firm — for tax and legal obligations

Your data is never sold or transferred to third parties for their own commercial purposes.

5. International Data Transfers

Some providers listed in Section 4 (in particular Google LLC) transfer data outside the European Economic Area (EEA), including to the United States. Such transfers are carried out in compliance with the safeguards provided by Arts. 44–49 GDPR, specifically through Standard Contractual Clauses adopted by the European Commission.

6. Data Retention Periods

Data type | Retention period
Order data (tax and accounting records) | 10 years (legal obligation)
Registered account data | Until account deletion + 12 months
Newsletter data | Until consent is withdrawn
Browsing data and analytics cookies | Maximum 13 months
Advertising cookies (Meta Pixel) | According to Meta's policy (max 180 days for events)
Customer support communications | 2 years from closure of the request

7. Cookies and Tracking Technologies

This website uses the following types of cookies:

Technical cookies (necessary): Essential for the website to function correctly (shopping cart, session, language/currency preferences). These do not require consent.

Analytics cookies (with consent): Google Analytics — anonymised analysis of traffic and user behaviour on the website.

Profiling / marketing cookies (with consent): Meta Pixel — conversion tracking and behavioural data for advertising purposes on Facebook and Instagram.

You can manage, modify or withdraw your cookie consent at any time through the banner displayed on the website or through your browser settings.

For more information, please refer to our Cookie Policy (available as a separate page on this website).

8. Your Rights as a Data Subject

Under Arts. 15–22 GDPR, you have the right to:

  • Access (Art. 15): obtain confirmation of processing and a copy of your personal data
  • Rectification (Art. 16): correct inaccurate or incomplete data
  • Erasure / "Right to be forgotten" (Art. 17): request deletion of your data, subject to legal obligations
  • Restriction of processing (Art. 18): request restriction of processing in certain circumstances
  • Data portability (Art. 20): receive your data in a structured, commonly used and machine-readable format
  • Objection (Art. 21): object to processing based on legitimate interest or for direct marketing purposes
  • Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal

To exercise any of these rights, please write to: info@limaraskincare.com

We will respond within 30 days of receiving your request, with a possible extension of up to 60 additional days for complex requests.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority. If you are based in Italy, the relevant authority is:

Garante per la Protezione dei Dati Personali
Website: https://www.garanteprivacy.it
Email: garante@gpdp.it

If you are based in another EU/EEA country, you may contact your local supervisory authority. A full list is available at: https://edpb.europa.eu

10. Changes to This Policy

We reserve the right to update this Privacy Policy at any time, in the event of regulatory or operational changes. The updated version will be published on this page with the date of the latest revision.

Last updated: April 2026


This document has been prepared in accordance with EU Regulation 2016/679 (GDPR) of the European Parliament and of the Council of 27 April 2016, and applicable Italian data protection legislation.