Privacy policy

Last updated: 01 May 2026

NELLOY (“we”, “our”, “us”) operates this online store (the “Site”) through the Shopify Inc. platform (“Shopify”).

This Privacy Policy describes how we collect, use, disclose, and protect your personal data when you visit or make a purchase from the Site, in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable Italian data protection laws.

By using our Site, you confirm that you have read and understood this Privacy Policy.

1. Data Controller

The Data Controller is:

NELLOY
Rome, Italy
Email: info@nelloy.com

2. Personal Data We Collect

We may collect and process the following categories of personal data:

a) Identity and Contact Data

  • Full name

  • Billing and shipping address

  • Email address

  • Phone number

b) Order and Payment Data

  • Order details

  • Payment method

  • Purchase history

Note: Payment card details are processed directly by secure payment providers and are not stored by us.

c) Account Data (if applicable)

  • Login credentials

  • Preferences

d) Technical and Usage Data

  • IP address

  • Device and browser type

  • Navigation data

  • Pages visited and interactions

  • Cookies and online identifiers

e) Marketing and Tracking Data

  • Advertising identifiers

  • Email interaction data (opens, clicks)

  • Data collected via tracking pixels

3. How We Collect Data

We collect personal data:

  • Directly from you (orders, forms, account creation)

  • Automatically via cookies and tracking technologies

  • Through Shopify and trusted service providers

4. Legal Bases for Processing (Art. 6 GDPR)

We process your data based on:

Contractual necessity (Art. 6(1)(b))

  • Order processing and delivery

  • Payment handling

  • Returns and refunds

  • Customer support

Legal obligations (Art. 6(1)(c))

  • Tax and accounting requirements

  • Compliance with legal requests

Legitimate interest (Art. 6(1)(f))

  • Fraud prevention

  • Website security

  • Service improvement

  • Legal defense

Consent (Art. 6(1)(a))

  • Marketing communications

  • Non-essential cookies

  • Analytics and advertising tracking

  • Profiling activities

You may withdraw consent at any time.

5. Marketing and Profiling

With your consent, we use third-party tools such as:

  • Google Analytics

  • Meta (Facebook) Pixel

  • TikTok Pixel

  • Pinterest Tag

These tools may collect data about your device and behavior to:

  • Analyze website performance

  • Measure advertising effectiveness

  • Deliver personalized ads

  • Build custom audiences

These activities may constitute profiling under GDPR.

Tracking tools are activated only after your explicit consent via the cookie banner.

6. Email Communications

With your consent, we may send:

  • Promotional emails

  • Newsletters

We may also track email opens and clicks.

You can unsubscribe at any time via the link in our emails.

Transactional emails (order confirmation, shipping updates) are sent without marketing consent.

7. Cookies

We use:

  • Essential cookies (required for the Site to function)

  • Analytics cookies

  • Marketing and profiling cookies

Non-essential cookies are only activated with your consent.

You can manage your preferences at any time via the cookie banner.

8. Data Sharing

We may share your data with:

  • Shopify (e-commerce platform)

  • Payment providers

  • Shipping and logistics partners

  • IT and hosting providers

  • Marketing and advertising platforms (with consent)

  • Public authorities where required by law

All providers comply with GDPR through appropriate safeguards.

9. International Data Transfers

Some providers may process data outside the European Economic Area (EEA).

In such cases, transfers are protected by:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions by the European Commission

  • Other GDPR-compliant safeguards

10. Data Retention

We retain personal data only as long as necessary:

  • Order and tax data: up to 10 years (Italian legal requirement)

  • Account data: until deletion

  • Marketing data: until consent withdrawal

  • Customer service data: up to 24 months

  • Analytics data: based on cookie settings

After this period, data is deleted or anonymized.

11. Your Rights

Under GDPR, you have the right to:

  • Access your data

  • Request correction

  • Request deletion

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent

You may also file a complaint with:

Garante per la Protezione dei Dati Personali
https://www.garanteprivacy.it

12. Data Security

We implement appropriate technical and organizational measures to protect your data. However, no system can guarantee absolute security.

13. Children

This Site is not intended for individuals under 18. We do not knowingly collect data from minors.

14. Updates

We may update this Privacy Policy at any time. Changes will be published on this page with a revised date.

15. Contact

For any questions or to exercise your rights:

Email: info@nelloy.com
Location: Rome, Italy