EU Laws Compliance

OUR COMMITMENT TO EUROPEAN DATA PROTECTION

Lily Venus fully complies with the General Data Protection Regulation (GDPR) and all applicable European Union data protection laws. As an Italian maison, we hold ourselves to the highest standards of privacy protection for all our European clients.

LEGAL BASIS FOR PROCESSING

We process your personal data only when we have a valid legal basis:

Contract Performance

  • Processing orders and payments
  • Delivering your purchases
  • Managing your account
  • Customer service communications

Legitimate Interests

  • Fraud prevention and security
  • Improving our products and services
  • Direct marketing to existing customers
  • Internal business operations

Consent

  • Marketing to new contacts
  • Non-essential cookies
  • Newsletter subscriptions
  • Promotional communications

Legal Obligations

  • Tax and accounting records
  • Anti-money laundering checks
  • Consumer protection compliance
  • Legal claims and disputes

YOUR RIGHTS UNDER GDPR

As an EU resident, you have comprehensive rights:

Right to Access (Article 15)
Request a copy of all personal data we hold about you

Right to Rectification (Article 16)
Correct any inaccurate or incomplete information

Right to Erasure - "Right to be Forgotten" (Article 17)
Request deletion of your data in certain circumstances

Right to Restrict Processing (Article 18)
Limit how we use your data while disputes are resolved

Right to Data Portability (Article 20)
Receive your data in a structured, commonly used format

Right to Object (Article 21)
Object to processing based on legitimate interests or direct marketing

Rights Related to Automated Decision-Making (Article 22)
Not be subject to decisions based solely on automated processing

DATA PROTECTION MEASURES

Security by Design

  • End-to-end encryption for payments
  • Secure SSL certificates on all pages
  • Regular security audits and updates
  • Access controls and authentication

Privacy by Default

  • Minimal data collection
  • Opt-in for all marketing
  • Limited retention periods
  • Anonymization where possible

INTERNATIONAL TRANSFERS

When we transfer data outside the EEA:

  • We use Standard Contractual Clauses (SCCs)
  • Ensure adequate protection levels
  • Only work with GDPR-compliant processors
  • Maintain full transparency about transfers

DATA RETENTION

We keep your data only as long as necessary:

  • Orders: 7 years (tax requirements)
  • Account data: Duration of relationship + 2 years
  • Marketing: Until you unsubscribe
  • Cookies: Per cookie policy (max 13 months)

COOKIE COMPLIANCE

In line with the ePrivacy Directive and GDPR:

  • Clear cookie consent banner
  • Granular control over cookie categories
  • Easy withdrawal of consent
  • No pre-checked boxes
  • Access to preferences anytime

DATA BREACH PROCEDURES

We maintain strict breach protocols:

  • 72-hour notification to authorities
  • Direct notification to affected individuals
  • Comprehensive incident response plan
  • Regular staff training on data security

YOUR DATA PROTECTION CONTACTS

Data Controller:
Lily Venus
Via Milano, 46
36100 Vicenza, Italy
VAT: IT04295310249

Data Protection Inquiries:
privacy@lilyvenus.com
+39 348 8423854

Italian Supervisory Authority:
Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma
protocollo@gpdp.it
(+39) 06.696771

EU Data Protection Board:
For cross-border issues
edpb@edpb.europa.eu

SPECIFIC MEMBER STATE REQUIREMENTS

Italy (Legislative Decree 196/2003 as amended):

  • Enhanced protections for biometric data
  • Specific rules for employee monitoring
  • Strict requirements for health data
  • Special provisions for deceased persons' data

Age of Consent:

  • Italy: 14 years
  • Other EU states: 13-16 years
  • We apply the highest standard (16) unless verified

PRIVACY NOTICE TRANSPARENCY

Our privacy policy includes:

  • Identity and contact details
  • Purposes and legal basis
  • Recipients of personal data
  • Retention periods
  • Your rights and how to exercise them
  • Right to lodge complaints
  • Whether provision is statutory/contractual
  • Existence of automated decision-making

THIRD-PARTY PROCESSORS

All our processors are:

  • GDPR compliant
  • Under written contracts (Article 28)
  • Subject to regular audits
  • Limited to necessary processing
  • Bound by confidentiality

EXERCISING YOUR RIGHTS

How to Submit Requests:

  1. Email privacy@lilyvenus.com
  2. Use online privacy portal
  3. Call +39 348 8423854
  4. Write to our Vicenza address

What We Need:

  • Proof of identity
  • Specific right being exercised
  • Relevant details for your request
  • Preferred response method

Response Timeline:

  • Acknowledgment: Within 72 hours
  • Full response: Within 30 days
  • Complex requests: May extend to 60 days with notice

COMPLIANCE CERTIFICATIONS

We maintain:

  • Regular GDPR compliance audits
  • Staff privacy training programs
  • Data Protection Impact Assessments (DPIAs)
  • Records of processing activities
  • Documented compliance procedures

SPECIAL CATEGORIES OF DATA

For sensitive data (health, biometric, etc.):

  • Explicit consent required
  • Enhanced security measures
  • Limited access controls
  • Special deletion procedures
  • No automated decisions

QUESTIONS OR CONCERNS?

If you have any questions about our EU compliance:

Email: privacy@lilyvenus.com
Phone: +39 348 8423854
Hours: Monday-Friday, 9:00 AM - 6:00 PM CET

You always have the right to lodge a complaint with your local supervisory authority if you believe we haven't adequately addressed your concerns.


Protecting your privacy is not just our legal obligation; it's our commitment to you.