Privacy Policy

Last Updated: February 11, 2025

1. Data Controller

The data controller responsible for processing personal data is:

Calz. Vanessa Creazioni di Marziali Vanessa
Via Borgo Nuovo 85/A – 63813 Monte Urano (FM) – Italy
VAT: 01154780447
E-mail: vanessa.creazioni.mu@gmail.com – vanessa.marziali@gmail.com

Hereinafter referred to as “Natural Vanity”, “we”, “us” or “our”.

2. Scope of This Policy

This Privacy Policy describes how we collect and process personal data when you:

• visit the website naturalvanityshoes.com (the “Website”);

• browse pages, products, and collections;

• make a purchase or request information;

• subscribe to the newsletter or contact us via website forms, e-mail, or social media.

By accessing or using the Website, you acknowledge and accept the processing of your personal data as described in this Privacy Policy.

3. Types of Personal Data Processed

3.1 Data Provided Directly by You

When using our services, we may collect:

• Identification and contact details: name, surname, address, email, phone number;

• Order information: shipping/billing address, purchased products, payment method (full card details are processed only by the payment provider, not by us);

• Account information (if applicable): username, password, preferences;

• Communications: messages and requests sent through forms, email, or social channels.

Providing this data is optional, but necessary to use certain services (e.g., we cannot ship an order without an address).

3.2 Data Collected Automatically (Usage Data)

When you visit the Website, we may automatically collect technical information via cookies and similar technologies, such as:

• IP address;

• browser type and device information;

• pages visited, time spent on the Website, referral sources;

• cookie identifiers and analytics data.

These data are used in aggregate form for statistics and security.
For more details, see our Cookie Policy.

3.3 Data Obtained from Third Parties

We may receive additional information from:

• payment service providers (payment confirmation, transaction status);

• couriers/shipping partners (delivery status, issues);

• newsletter or marketing service providers;

• hosting, analytics, and e-commerce platform providers.

These third parties mainly act as Data Processors under Article 28 GDPR.

4. Purposes and Legal Bases for Processing

a) Order Processing and Online Sales

What we do: order management, payment processing, invoicing, shipping, returns, and customer support.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and compliance with legal obligations (Art. 6(1)(c)).

b) Customer Support and Contact Requests

What we do: respond to emails, messages, product inquiries, order assistance.
Legal basis: pre-contractual measures and our legitimate interest in providing assistance (Art. 6(1)(b) and 6(1)(f)).

c) Newsletter and Marketing Communications

What we do: send emails with updates, promotions, style suggestions, and product launches.
Legal basis: your explicit consent (Art. 6(1)(a) GDPR).
You may withdraw your consent at any time.

d) Statistical Analysis and Website Improvement

What we do: analyse traffic, most visited pages, conversion rates, and overall user experience.
Legal basis: our legitimate interest in improving the Website (Art. 6(1)(f)) within the preferences you selected in the cookie settings.

e) Security, Fraud Prevention, and Abuse Monitoring

What we do: monitor suspicious activity, prevent fraudulent orders, protect the Website and payment systems.
Legal basis: legitimate interest in protecting our business and users (Art. 6(1)(f)).

5. Processing Methods

Data are processed through manual, electronic, and telematic tools, ensuring lawful, fair, and transparent processing and respecting principles of necessity, minimisation, and storage limitation.

We do not perform solely automated decision-making that produces legal or similarly significant effects under Art. 22 GDPR.

6. Data Retention

Personal data are stored only for the time necessary for the purposes described above:

• Order data: retained for the duration of the contractual relationship and for legal/accounting purposes (generally 10 years).

• Contact requests: retained for the time needed to handle the request and up to 24 months.

• Newsletter data: retained until consent is withdrawn or after 24 months of inactivity.

• Technical/log data: retained for varying periods, usually no longer than 12 months unless required for security or legal obligations.

7. Data Recipients

Data may be shared with:

• technical service providers, hosting, and e-commerce platforms;

• payment processors (e.g., card networks, PayPal);

• couriers and logistics partners;

• tax/legal consultants as required by law;

• newsletter and marketing service providers;

• competent authorities when legally mandated.

Such recipients act as Data Processors (Art. 28 GDPR) or independent controllers (e.g., payment processors).

We do not publicly disclose personal data.

8. Transfers to Non-EU Countries

Some providers (e.g., email marketing, analytics, hosting) may be located outside the EU.
In such cases, data transfers occur in accordance with Articles 44+ GDPR, based on:

• European Commission adequacy decisions;

• Standard Contractual Clauses (SCCs);

• or other appropriate safeguards.

You may request details about third-country transfers by contacting us.

9. Cookies and Tracking Tools

The Website uses essential technical cookies and, with your consent, analytical and marketing cookies.

• Technical cookies: required for Website functionality (e.g., cart, login).

• Analytics/marketing cookies: used for statistics and personalized advertising.

For specific cookies, retention periods, and preference management, see our Cookie Policy.

10. Children’s Data

The Website and services are not intended for individuals under 18.
We do not knowingly collect data from minors. If we become aware of such data collection, we will delete it promptly.

11. Data Security

We implement technical and organisational measures to protect personal data against unauthorized access, loss, destruction, or accidental disclosure (e.g., backup systems, restricted access, authentication tools).

However, no system can guarantee absolute security.
Please keep your login credentials confidential and report any suspected breaches.

12. Your Rights

Under the GDPR, you have the right to:

• access your personal data (Art. 15);

• correct inaccurate or incomplete data (Art. 16);

• request deletion (“right to be forgotten”) (Art. 17);

• restrict processing (Art. 18);

• receive data portability where applicable (Art. 20);

• object to processing based on legitimate interest or for marketing (Art. 21);

• withdraw consent at any time.

To exercise your rights, contact us at:

📧 vanessa.creazioni.mu@gmail.com – vanessa.marziali@gmail.com

You also have the right to file a complaint with the Italian Data Protection Authority (www.gpdp.it).

13. Third-Party Websites

The Website may contain links to external websites or services (e.g., social networks, payment providers).
We are not responsible for how third parties process personal data.
Please refer to their respective privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our services or legal requirements.
The updated version will always be available on the Website with the latest revision date.

15. Contact Information

For questions about this Privacy Policy or how we process your data, you may contact:

Calz. Vanessa Creazioni di Marziali Vanessa
📍 Via Borgo Nuovo 85/A – 63813 Monte Urano (FM) – Italy
📧 vanessa.creazioni.mu@gmail.com – vanessa.marziali@gmail.com – naturalvanityshoes@gmail.com
📞 351 352 8090