TABLE OF CONTENTS

1. Data Controller
2. Purpose of Processing
3. Legal Basis for Processing
4. Personal Data Subject to Processing
5. Retention Period of Personal Data
6. Mandatory Nature of Data Provision
7. Data Recipients
8. Data Disclosure and Transfer
9. Interaction with Social Networks and External Platforms
10. Data Subject Rights
11. Complaint to the Supervisory Authority
12. Automated Decision-Making, Including Profiling

1. DATA CONTROLLER
1.1. Company name: Lusi s.r.l.
1.2. Registered office: via Nobel, 8 – 41012 Carpi (MO), Italy
1.3. Contacts: +39 059 62 29 861, sales@kartika-fashion.it

2. PURPOSE OF PROCESSING
2.1. Providing requested information: Providing the requested information through the dedicated form.
2.2. Analysis of personal preferences: Tracking user navigation and analyzing behavior and preferences to deliver targeted advertising messages.
2.3. Statistics: Monitoring, via cookies, user interaction with the website in order to improve its operation and ensure proper functionality.
2.4. Website operation: Accessing the site involves the transmission of data, as implicit in the use of web communication protocols. This data may allow user identification. Such data is processed for the time strictly necessary and solely for statistical purposes related to website use and to ensure its proper functioning. The provision of such data is necessary as it is directly connected to web browsing.

3. LEGAL BASIS FOR PROCESSING
3.1. Providing requested information: Consent (optional and always revocable) via the related form.
3.2. Analysis of personal preferences: Consent (optional and always revocable) via related cookies.
3.3. Statistics: Consent (optional and always revocable) via related cookies.
3.4. Website operation: Legitimate interest of the Data Controller.

4. PERSONAL DATA SUBJECT TO PROCESSING
4.1. Providing requested information: Identification and contact details, and all data entered in the message text.
4.2. Analysis of personal preferences: Profiling data collected by installed cookies.
4.3. Statistics: Statistical data collected by installed cookies.
4.4. Website operation: Access to the website involves the transmission of data as implicit in the use of web protocols; such data may allow user identification. This includes the IP address and domain names of the computers used, the Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the files obtained in response, the numeric code indicating the response status, and other parameters regarding the user’s operating system, browser, and IT environment.

5. RETENTION PERIOD OF PERSONAL DATA
5.1. Providing requested information: Data will be retained for a period not exceeding the achievement of the purpose under paragraph 2.1, and therefore according to the following criteria:
– the need to provide the requested information,
– up to three months from the complete provision of the requested information,
– in any case, at the time of consent withdrawal.
5.2. Analysis of personal preferences: Data will be retained for a period not exceeding the achievement of the purpose under paragraph 2.2, and therefore according to the following criteria:
– upon expiration of cookies, as provided in the cookie policy;
– in any case, upon consent withdrawal or opposition to the installation of profiling cookies.
5.3. Statistics: Data will be retained for a period not exceeding the achievement of the purpose under paragraph 2.3, and therefore according to the following criteria:
– upon expiration of cookies, as provided in the cookie policy;
– in any case, upon consent withdrawal to the installation of statistical cookies.
5.4. Website operation: Data will be retained for a period not exceeding the achievement of the purpose under paragraph 2.4, and therefore according to the following criteria:
– upon expiration of cookies, as provided in the cookie policy;
– for the entire duration of the browsing session on the website.

6. MANDATORY NATURE OF DATA PROVISION
6.1. Providing requested information: The provision of data is optional. However, failure to do so will make it impossible to provide the requested information.
6.2. Analysis of personal preferences: The provision of data is optional. Failure to do so will result in no analysis of personal preferences.
6.3. Statistics: The provision of data is optional. Failure to do so will result in no analysis of statistical data.
6.4. Website operation: The provision of data is mandatory and implicit in the use of web protocols. Without it, the website cannot function.

7. DATA RECIPIENTS
7.1. Authorized personnel: Within the limits relevant to the above purposes, data may be communicated to internal staff expressly authorized and instructed in processing.
7.2. Data processors: Within the limits relevant to the above purposes, data may be communicated to service providers appointed as Data Processors and appropriately instructed, such as:
– IT support service provider,
– email service provider,
– web agency service provider.
7.3. Data controllers: Data may be communicated to public authorities in accordance with applicable law.
If consent is given for the installation of third-party cookies, those parties will receive the data collected via such cookies.

8. DATA DISCLOSURE AND TRANSFER
8.1. Data disclosure: No data will be disclosed.
8.2. Non-EU transfer: The Data Controller does not transfer data outside the European Union.

9. INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS
9.1. Social plug-ins: These tools allow interaction with social networks or other external platforms directly from this website’s pages (e.g., by redirecting to the company’s social page when clicking the icon).
9.2. Data transmission: When visiting a page on our site and interacting with the plug-in (e.g., clicking the button with a social network icon), the corresponding information is transmitted from the browser directly to the social network platform and stored there.
9.3. Information and rights: For details on the purposes, types, and methods of data collection, processing, use, and retention by the social network platform, as well as how to exercise your rights, please refer to the privacy policy adopted by the respective social network or other external platform.

10. DATA SUBJECT RIGHTS
10.1. Right of access (Art. 15 GDPR): You may request confirmation of whether or not personal data concerning you is being processed, along with further clarification about the information in this notice, and receive the data itself, unless the disclosure infringes on the rights and freedoms of others.
10.2. Right to rectification (Art. 16 GDPR): You may request the correction or supplementation of data you have provided or that is otherwise in our possession, if inaccurate.
10.3. Right to erasure (Art. 17 GDPR): You may request that the acquired or processed data be deleted.
10.4. Right to restriction of processing (Art. 18 GDPR): You may request the restriction of the processing of personal data. In this case, the data will not be processed, except for storage, without your consent, except as provided in paragraph 2 of the same article.
10.5. Right to data portability (Art. 20 GDPR): You may request to receive the data, or have it transmitted to another indicated controller, in a structured, commonly used, and machine-readable format.
10.6. Right to object (Art. 21 GDPR): You may object at any time to the processing of data based on legitimate interest, unless there are compelling legitimate grounds for the processing which override your rights, such as for legal defense. Objection will always override our legitimate interest in processing data for marketing purposes.
10.7. Right not to be subject to automated decision-making (Art. 22 GDPR): You may request not to be subjected to automated decision-making, including profiling.

11. COMPLAINT TO THE SUPERVISORY AUTHORITY
11.1. Right to lodge a complaint (Art. 77 GDPR): You may lodge a complaint with the supervisory authority of the Member State in which you habitually reside, work, or where the alleged violation occurred.
11.2. Italian supervisory authority: Garante per la Protezione dei Dati Personali
11.3. Contact details: Piazza Venezia, 11, 00187 Rome (RM), Italy – protocollo@pec.gdpd.it

12. AUTOMATED DECISION-MAKING, INCLUDING PROFILING
12.1. Provision of requested information: No automated decision-making processes, including profiling, are carried out.
12.2. Analysis of personal preferences: Profiling will be carried out only with prior consent to the relevant cookies.
12.3. Statistics: Profiling will be carried out only with prior consent to the relevant cookies.
12.4. Website operation: No automated decision-making processes, including profiling, are carried out.

For full information regarding cookies and other tracking tools, please refer to the Cookie Policy.

Last updated: April 1, 2025