Privacy Policy of shop.blacklotus.eu
Website: shop.blacklotus.eu · Policy version: v1 · Last update: 2026-05-29T15:35:36+00:00 · Effective date: 2026-05-29
This policy is generated and maintained through Lean Cookie Consent from the information configured by the website owner, including the consent profile, cookie categories, policy version and legal details provided for this website.
Owner and Data Controller
Types of Data collected
This website may collect Personal Data provided directly by users, Usage Data collected automatically, and technical identifiers required to operate the website and remember consent choices. The exact categories depend on the forms, integrations and third-party services enabled by the website owner.
Common categories of Personal Data
Contact details, account or form information, billing or commercial information where relevant, technical identifiers, browser and device information, approximate location derived from network data, interaction data, cookie identifiers and consent preferences.
Usage Data
Usage Data may include IP-derived information, browser type and version, operating system, referring pages, visited pages, time of request, time spent on pages, interaction events, diagnostic data and other technical information transmitted by the browser or device.
Personal Data may be freely provided by the User or collected automatically as Usage Data. Where Data is mandatory, failure to provide it may make it impossible to provide the Service; where Data is optional, Users may refuse without affecting core functionality.
Users are responsible for any third-party Personal Data obtained, published or shared through this website and confirm that they have a valid legal basis to provide such Data.
Mode and place of processing the Data
Methods of processing
The Owner takes appropriate technical and organizational security measures to prevent unauthorized access, disclosure, modification or destruction of Data. Processing is carried out using computers and IT-enabled tools, following organizational procedures strictly related to the purposes indicated in this policy.
Persons authorized to process Data
In addition to the Owner, Data may be accessible to persons involved with the operation of this website such as administration, sales, marketing, legal, system administration or external parties appointed as processors where required.
Place
Data is processed at the Owner operating offices (Viale Papiniano 42 20123 Milano) and in any other places where the parties involved in the processing are located. Depending on the User location, transfers may involve a country other than their own.
Purposes of processing and legal basis
Providing and securing the website, responding to requests, complying with legal obligations, measuring performance, improving content, managing marketing activities where consent is given, and keeping evidence of consent choices.
Legal basis under GDPR
Consent, performance of a contract or pre-contractual measures, compliance with legal obligations, legitimate interests, vital interests, or tasks carried out in the public interest depending on the processing activity. Optional analytics and marketing technologies should run only after the user has given consent where required.
Cookies and tracking technologies
This website uses cookies or similar technologies to provide the service, remember consent choices and, when enabled by the visitor, measure traffic or support marketing activities. Users can manage optional categories from the cookie banner or preference control where available.
Technical cookies
Required for core site features and security. Always active.
Status: always active because they are required for core site functionality and security.
Analytics cookies
Help measure traffic and improve content.
Status: used only when the visitor gives analytics consent.
Marketing cookies
Allow advertising, pixels and campaign measurement scripts.
Status: used only when the visitor gives marketing consent.
Third-party services and processors
Hosting providers, analytics services, tag managers, embedded content providers, payment processors, CRM systems, email delivery services, advertising networks, security tools and support platforms used by the website owner. The website owner should ensure appropriate data processing agreements are in place where required.
International data transfers
Where data is transferred internationally, the owner should rely on adequacy decisions, Standard Contractual Clauses, binding corporate rules, explicit consent, contractual necessity or another valid transfer mechanism.
Retention time
Personal Data is retained only for as long as required by the purposes for which it was collected, unless a longer retention period is required by law, accounting obligations, dispute management or security needs. Consent choices for this website are configured to expire after 180 days unless changed by the visitor earlier.
Further information about retention time
Personal Data collected for purposes related to contract performance is retained until the contract has been fully performed. Data processed on the basis of legitimate interests is retained as long as needed to fulfil those interests. The Owner may retain Data for a longer period whenever required by law, by an authority order, for legal defence, or while consent remains valid and has not been withdrawn. Once the retention period expires, Personal Data should be deleted or anonymized.
Users rights
Users may exercise certain rights regarding their Data, to the extent permitted by applicable law.
Rights available to Users
Users may withdraw consent at any time, object to processing, access their Data, verify and request rectification, restrict processing, request erasure, receive their Data in a structured and machine-readable format, request portability where technically feasible, and lodge a complaint with the competent supervisory authority.
Details about the right to object to processing
Where Personal Data is processed for public interest, official authority or legitimate interests, Users may object by providing grounds related to their particular situation. Where Data is processed for direct marketing purposes, Users can object at any time, free of charge and without providing any justification.
How to exercise rights
Users can exercise their rights by contacting the privacy contact listed in this policy. The owner may need to verify the requester identity before acting on the request.
Additional regional disclosures
Applicable jurisdictions configured by the owner: European Union / EEA, United Kingdom, Switzerland, United States privacy laws where applicable, Brazil LGPD where applicable
European Union, EEA, United Kingdom and Switzerland
Users in these regions may benefit from rights under GDPR, UK GDPR, Swiss FADP and related ePrivacy rules. Optional non-essential cookies and similar trackers should generally be based on consent unless another valid rule applies.
California and United States privacy laws
Where laws such as CCPA/CPRA or other state privacy laws apply, users may have rights to know, access, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and non-discrimination for exercising privacy rights. The website owner should disclose whether Personal Data is sold or shared and provide required opt-out mechanisms where applicable.
Sale or sharing disclosure
The owner should disclose whether Personal Data is sold or shared for cross-context behavioral advertising and provide required opt-out mechanisms where applicable.
Brazil LGPD and other jurisdictions
Where LGPD or similar privacy laws apply, users may have rights to confirmation of processing, access, correction, anonymization, blocking, deletion, portability and information about sharing. The website owner should adapt this document to the jurisdictions where it operates or targets users.
System logs and security
For operation, fraud prevention, diagnostics and security, the website and connected services may process technical logs such as timestamps, browser information, consent choices, policy version, banner version, request metadata and pseudonymized network identifiers.
Sensitive data
The website does not intentionally collect special categories of Personal Data unless clearly disclosed by the owner and supported by a valid legal basis.
Children privacy
This website is not intended to knowingly collect Personal Data from children below the configured minimum age: 16, unless a lower age is allowed by applicable local law. If the owner becomes aware that such Data has been collected without appropriate authorization, it should be deleted or otherwise handled according to applicable law.
Automated decision-making
Unless specifically disclosed by the owner, the website does not use Personal Data for solely automated decisions that produce legal or similarly significant effects.
Additional information about Data collection and processing
Legal action
The User Personal Data may be used by the Owner for legal purposes in court or in the stages leading to possible legal action arising from improper use of this website or related Services. The User acknowledges that the Owner may be required to reveal Personal Data upon request of public authorities.
Additional information about User Personal Data
In addition to the information contained in this privacy policy, this website may provide Users with contextual information concerning specific Services or the collection and processing of Personal Data upon request.
System logs and maintenance
For operation and maintenance purposes, this website and connected services may collect files that record interaction with the website, such as system logs, or use other Personal Data such as IP-derived technical identifiers for this purpose.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time using the contact information provided in this document.
Changes to this policy
The website owner may update this policy when services, legal requirements or data processing activities change. When consent-relevant sections change, visitors may be asked to renew their consent.
Consent evidence
Lean Cookie Consent stores consent records with the selected categories, policy version, banner version, domain and timestamp to help the website owner keep operational evidence of consent choices. Network identifiers are pseudonymized where supported by the platform configuration.
Definitions and legal references
Personal Data or Data
Any information that directly, indirectly, or in connection with other information allows for the identification or identifiability of a natural person.
Usage Data
Information collected automatically through this website or third-party services, including IP-derived information, browser and operating system details, request time, page path, interaction data and technical parameters about the User device.
User and Data Subject
The individual using this website who, unless otherwise specified, is the natural person to whom the Personal Data refers.
Data Processor
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
Data Controller or Owner
The natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of Personal Data. Unless otherwise specified, the Data Controller is the Owner listed in this policy.
Service and this website
The Service is the website, application, content or functionality provided by the Owner through the configured domain: shop.blacklotus.eu.