
    Last updated: January 2026

    Privacy Policy

    This Privacy Policy describes how Montico Elisa (Fiorelise Jewels) collects, uses and protects customer and visitor personal data, in compliance with EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by 101/2018.

    Data controller

    Montico Elisa — VAT IT01934110931 — REA PN-366865 — PEC: ELISAMONTICO@PEC.IT — email: fiorelisejewels@gmail.com. The Controller has not appointed a DPO, as this is not required under art. 37 GDPR.

    Categories of data collected

    1) Identification: first/last name. 2) Contact: email, phone. 3) Shipping/billing: address, city, ZIP, province, country. 4) Order data: items purchased, amount, date, payment method type (NOT card details). 5) Account credentials: email + password (stored as bcrypt hash). 6) Technical data: IP address, user-agent, access logs (auto-collected by Vercel hosting). 7) Technical session cookies (see Cookies).

    Data NOT collected

    We do not collect or store: full card number, CVV, expiry. These are transmitted directly from your browser to PCI-DSS certified payment providers (Stripe, PayPal, Apple Pay, Google Pay) which handle them securely via tokenization.

    Purposes and legal basis

    (a) Order fulfilment, invoicing, shipping, after-sales — basis: contract performance, art. 6.1.b GDPR. (b) Tax/accounting compliance — basis: legal obligation, art. 6.1.c GDPR. (c) Site security, fraud prevention — basis: legitimate interest, art. 6.1.f GDPR. (d) Newsletter and marketing — basis: consent, art. 6.1.a GDPR (revocable at any time).

    Recipients (external processors)

    Data may be processed by: Vercel Inc. (hosting, USA — Standard Contractual Clauses); Supabase Inc. (database & auth, Singapore/EU — SCC); Stripe Payments Europe (card payments, Ireland); PayPal Europe (Luxembourg); Resend or transactional email provider (order notifications); Google Maps Platform (address autocomplete, US — DPF); Packlink (shipping management, Spain/EU) and couriers (BRT) for delivery; Meta Platforms Ireland (Facebook/Instagram Pixel, only with consent, for analytics and advertising); accountant for tax compliance. We do not sell your data. Sharing occurs only with the providers listed above, for the stated purposes; marketing cookies (Meta) are activated only with your consent.

    Extra-EU transfer

    Some providers (Vercel, Google) are based in the USA. Transfer is based on Standard Contractual Clauses approved by the EU Commission and/or Data Privacy Framework (DPF) adherence.

    Retention

    Order and invoicing data: 10 years (tax obligation, art. 2220 Italian Civil Code). User account: until deletion requested. Marketing data: until consent withdrawn. Technical logs: max 30 days. Cart (browser localStorage): until you clear it from your device.

    Your rights

    Under arts. 15-22 GDPR you can: access your data, rectify, erase (right to be forgotten), restrict processing, object, receive data in portable format, withdraw consent. To exercise rights write to fiorelisejewels@gmail.com or ELISAMONTICO@PEC.IT — response within 30 days.

    Complaint

    You have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or the supervisory authority in your EU country of residence.

    Cookies and similar technologies

    Technical and session cookies (authentication, cart, language): necessary, no consent required. Marketing/profiling cookies: we use Meta Pixel (Facebook/Instagram) for analytics and personalized advertising, activated ONLY after your explicit consent via the cookie banner. You can refuse or withdraw consent at any time, in which case the Pixel will not load. Meta Platforms Ireland Ltd. acts as joint controller for Pixel data; the US transfer is based on the Data Privacy Framework.

    Security

    Data is protected via: HTTPS/TLS connection, bcrypt password hashing, database access limited via Row Level Security (RLS), encrypted backups, and the data minimization principle.

    Changes

    Any updates will be posted on this page. The last update date is shown at the top.