Privacy policy

Updated on: October 31, 2025

This Privacy Policy explains how Armonello (“we,” “us,” “our”) collects, uses, and discloses your personal information when you visit or use our website and online store, make a purchase, or contact us (the “Services”). The Services are powered by Shopify. “Personal information” means information that identifies or can reasonably be linked to an individual. Information that has been anonymized or de-identified so it cannot reasonably identify you is not considered personal information. If there is any conflict between our Terms of Service and this Policy, this Policy controls with respect to the collection, use, and disclosure of personal information.

Data Collection

Information you provide to us

  • Contact and profile: first and last name, billing and shipping address, email, phone number, preferences.
  • Account: username, password, settings and preferences.
  • Transactions and support: items viewed, added to cart, purchased, returned/exchanged; contents of your communications with us (e.g., support requests).
  • Payments: data necessary to process payments (handled by secure payment gateways); full card data is not stored in our systems.

Information collected automatically

  • Device and network: IP address, unique identifiers, browser/OS type, settings and language.
  • Usage: interactions with the Services (pages viewed, features used, timestamps, referrers) via cookies, pixels, and similar technologies.
  • Approximate location: geographic area inferred from IP for experience, security, and compliance purposes.

Sources of personal information

  • Directly from you when you create an account, place orders, or contact us.
  • Automatically through the Services and related tracking tools.
  • Service providers and partners operating on our behalf (payments, shipping, analytics, security).
  • Shopify, which hosts and powers the Services (see “Relationship with Shopify”).

Social media login

The Services may allow sign-up or login via social accounts (e.g., Facebook). In that case we may receive profile information according to your settings on the originating platform. We use such data in accordance with this Policy; please also review the provider’s privacy notice.

Children’s data

The Services are not intended for individuals below the age of majority in your jurisdiction. We do not knowingly collect children’s data. If you believe a child has provided us personal information, contact us to request deletion.

How we use personal information

  • Provide, personalize, and improve the Services: contract performance, order fulfillment, returns/exchanges, account management, recommendations, and experience personalization.
  • Communications: customer support, account and order notifications, responses to inquiries.
  • Marketing and advertising: promotional communications and displaying ads, including personalized advertising where permitted by law.
  • Security and fraud prevention: authentication, detection and investigation of suspicious activity, protection of rights and safety.
  • Legal obligations: regulatory compliance, lawful requests from authorities, defense of legal claims, and enforcing terms.

Legal bases (EEA/UK): consent; performance of a contract; legal obligations; legitimate interests (e.g., security, improving the Services, customer relationships) balanced against your rights and freedoms; where applicable, vital interests.

Information sharing

We share personal information only when necessary and consistent with this Policy:

  • Business transfers: in the event of a merger, acquisition, or asset sale, we may transfer data and, where required, notify you.
  • Affiliates: within our corporate group, subject to this Policy.
  • Business partners: to offer joint products/Services or promotions, with your consent where required.
  • Service providers (processors): entities acting on our behalf, including:
    • Shopify (store hosting and platform): provides, protects, and improves the Services.
    • Payment gateways (e.g., Shopify Payments, PayPal, Stripe): secure payment processing and fraud prevention.
    • Analytics (e.g., Google Analytics 4, Microsoft Clarity, and Google Tag Manager): usage statistics, subject to consent where required.
    • Anti-abuse and security (e.g., Google reCAPTCHA): protection against spam and abuse.
    • Advertising/remarketing (e.g., Google Ads, Meta): personalized ads where permitted, with opt-out options.
    • Logistics (e.g., BRT, SDA, FedEx): order delivery and returns handling.
    • Customer feedback (e.g., Trustpilot): review invitations and feedback management.
  • At your direction or with your consent: e.g., social integrations, widgets, or shipments to third parties you designate.
  • Legal requirements: to comply with lawful requests by authorities or protect our rights or the rights of others.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes data about your use to provide, protect, and improve the platform. For certain enhanced features, Shopify may combine data from your interactions with our store and other merchants. For these processing activities, Shopify acts as an independent controller and is responsible for handling rights requests; see the Shopify Consumer Privacy Policy and the Shopify Privacy Portal to exercise rights related to data processed by Shopify.

Third-party sites and services

The Services may include links or integrations from third parties. We do not control such sites/services and are not responsible for their privacy practices. Please review their respective notices.

Your rights

Depending on where you live, you may have some or all of the following rights, subject to legal exceptions and limitations:

  • Access/Know the data we hold about you.
  • Deletion of data within applicable limits.
  • Correction of inaccurate data.
  • Portability of data in a structured format, where applicable.
  • Object to or restrict processing for certain purposes (EEA/UK).
  • Withdraw consent without affecting prior lawful processing.

Marketing choices and targeted advertising: you can unsubscribe from promotional emails via the “unsubscribe” link in our messages; we may still send non-promotional messages about orders/account. Where required by your local law, you may opt out of the “sale” or “sharing” of data and/or processing for targeted advertising via this page. If you visit the site with the Global Privacy Control signal enabled, we will treat it as an opt-out request for that browser/device and, if we can associate the device with a Shopify account, for the account as well. Learn more about GPC: https://globalprivacycontrol.org/. Apart from GPC, we do not respond to other “Do Not Track” signals.

Complaints: you can contact us using the details in “Contact.” In the European Economic Area, you may contact your local data protection authority; a list is available here.

How to exercise your rights: use the features available on the Services or write to us using the details in “Contact.” For processing performed by Shopify as an independent controller, use the Shopify Privacy Portal. We may request identity verification or authorized-agent documentation as permitted by law.

Data security

We implement appropriate technical and organizational measures to protect personal data. However, no measure is infallible and transmitting information over the Internet involves residual risks; please avoid using insecure channels for sensitive information.

Retention

We retain data as long as necessary to maintain your account, provide the Services, comply with legal obligations, resolve disputes, and enforce contracts/policies. After that, data is deleted or safely anonymized.

International transfers

Data may be transferred, stored, and processed outside your country of residence. For transfers from the EEA/UK to third countries, we use recognized mechanisms (e.g., EU Standard Contractual Clauses or UK-equivalent tools), unless an adequacy decision applies.

Changes to this Policy

We may update this Policy for operational, legal, or regulatory reasons, or to reflect changes to the Services. We will publish the updated version on the site, update the “Updated on” date, and provide any additional notices required by law.

Contact

If you have questions about our privacy practices or wish to exercise your rights, email info@armonello.com or write to: Via Renato Fucini 10, 51037 Montale (PT), Italy. For purposes of applicable data protection law, Francesco Bertini, located at Via Renato Fucini 10, 51037 Montale (PT), Italy, is the data controller of your personal information for processing activities within our responsibility.