Privacy Policy — Lorenne

Last updated: 28 December 2025

This Privacy Policy explains how Lorenne collects and uses personal data when you visit our website, place an order, subscribe to our communications, or contact us.

1. Data Controller and Contact Details

Data Controller: David Ramon Llorente
NIF: 46494948B
Address: Calle Cardenal Cisneros, Chamberí, Spain
Email: contact@lorennedk.com

Data Protection Officer (DPO): Not appointed.

2. Scope

This Privacy Policy applies to personal data processed through Lorenne’s website and related communications (email and telephone). It does not apply to third-party websites linked from our site.

3. Personal Data We Collect

We collect personal data in the following categories:

A) Data you provide directly

  • Identity and contact details: name, email, telephone number, billing and shipping address.

  • Order and customer records: items purchased, order number, delivery information, invoice requests.

  • Communications: information you provide when you contact us by email or phone.

  • Marketing preferences: newsletter subscription status and consent choices.

Mandatory data: Certain details (for example, shipping address and contact details) are necessary to process an order. If you do not provide them, we may be unable to complete the purchase or deliver your products. GDPR

B) Data collected automatically

When you browse our website, we may collect:

  • Device and technical data: IP address, browser type, language, device identifiers, approximate location derived from IP.

  • Usage data: pages viewed, time spent, clicks, and navigation patterns.

  • Cookies and similar technologies: depending on your cookie preferences (see Section 6).

C) Payment data

Payments are processed via Squarespace Commerce through payment processors available at checkout. Squarespace Commerce supports connecting Squarespace Payments and/or third-party processors such as Stripe and PayPal (availability depends on configuration and location). We do not store full payment card numbers; payment processing is handled by the relevant provider. Squarespace Help+2Squarespace Help+2

4. How We Use Your Personal Data (Purposes and Legal Bases)

We process personal data for the purposes below, based on GDPR Article 6:

A) To provide services and fulfil orders (contract)

  • Process purchases, confirmations, dispatch, delivery, and customer service.

  • Manage your account (if you create one) and maintain order records.

B) To comply with legal obligations (legal obligation)

  • Accounting, tax, and record-keeping obligations under Spanish commercial rules. Agencia Tributaria

C) To operate, protect, and improve our business (legitimate interests)

Our legitimate interests include:

  • maintaining website security and preventing fraud;

  • ensuring service continuity and quality;

  • understanding website performance and improving user experience (where this does not require consent). GDPR

D) Marketing communications (consent, where required)

  • Send newsletters and updates if you opt in (via Squarespace Email Campaigns and/or Mailchimp, depending on what is enabled). You can unsubscribe at any time using the link in our emails.

E) Advertising measurement and optimisation (consent, where required)

  • Where enabled, we may measure advertising performance (for example, attribution and conversion measurement). This typically relies on cookies or similar technologies and is controlled via your cookie choices.

5. How We Share Personal Data (Recipients)

We share personal data only when necessary for the purposes above, including with:

  • Squarespace (website hosting, commerce functionality, and site operations).

  • Payment processors available in Squarespace checkout (e.g., Squarespace Payments / Stripe, PayPal, depending on what is enabled). Squarespace Help+2Squarespace Help+2

  • Delivery and logistics partners: DHL (shipping and tracking).

  • Email and marketing services: Mailchimp and/or Squarespace Email Campaigns (newsletter delivery and list management), if used.

  • Professional advisers: accountants and legal advisers where necessary for compliance.

We do not sell personal data and we do not share personal data with third parties for their own marketing purposes.

6. Cookies, Analytics, and Similar Technologies

We use cookies and similar technologies to operate our site and, subject to your preferences, to measure and improve performance and marketing effectiveness. Our Squarespace cookie banner allows you to accept, reject, or manage non-essential cookies.

Typical categories include:

  • Strictly necessary cookies: required for core functionality and security.

  • Analytics cookies: to understand site usage (e.g., Google Analytics), subject to your consent settings.

  • Marketing cookies: to measure advertising effectiveness, subject to your consent settings.

You can update your cookie choices at any time using the cookie settings available on our website. GDPR

7. International Data Transfers

Some service providers may process data outside Spain and, in certain cases, outside the European Economic Area. Where transfers go to countries without an adequacy decision, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs). Where applicable, transfers to certified US organisations may rely on the EU–US Data Privacy Framework adequacy decision. European Commission+2reuters.com+2

You may request further information about the relevant safeguards by contacting us at contact@lorennedk.com. GDPR

8. Data Retention

We keep personal data only as long as necessary for the purposes described in this policy:

  • Order, accounting, and business documentation: generally retained for six years from the last relevant business record entry, in line with Spanish commercial requirements. Agencia Tributaria

  • Customer service correspondence: retained as needed to manage the request and for reasonable follow-up, then deleted or minimised.

  • Marketing subscriptions: retained until you unsubscribe; we may keep a minimal suppression record to ensure we respect your preferences.

  • Cookies: retained according to their type and your cookie preferences.

9. Your Rights (GDPR)

Subject to applicable law, you may request:

  • access to your data;

  • rectification;

  • erasure;

  • restriction of processing;

  • data portability;

  • objection to processing (including certain legitimate-interest processing);

  • withdrawal of consent (for consent-based processing).

To exercise your rights, contact contact@lorennedk.com. We may request information to verify your identity. We aim to respond within one month, with extensions permitted in complex cases. GDPR

Complaints

You also have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD). Agencia Española de Protección de Datos

10. Security

We apply reasonable technical and organisational measures designed to protect personal data. No online system is fully secure; however, we work to reduce risks and respond appropriately to incidents.

11. Children

Our services are not directed to children under 16, and we do not knowingly collect personal data from children.

12. Updates to This Policy

We may update this Privacy Policy from time to time. The updated version will be published on our website with a revised “Last updated” date.