Lusso Rinnato
Trade
DesignersWomenMenVintageBagsWatchesAccessories
WishlistMessagesNotificationsShopping Bag
AuthenticationSell with usAboutContact

Privacy Policy

Effective Date: May 18, 2026

1. Who We Are (Data Controller)

The data controller for personal data processed through this platform is the operator of the Lusso Rinnato marketplace. You may contact our privacy team at privacy@lussorinnato.com.

2. Personal Data We Process

  • Account data: name, email, phone number, password hash, profile preferences.
  • Identity and seller data: for Sellers, identification documents and KYC information processed by our payment provider.
  • Transaction data: orders, items listed, refunds, dispute history, authentication records.
  • Shipping and billing addresses.
  • Payment data: handled by Stripe; we do not store card numbers.
  • Communications: messages sent through our support channels.
  • Technical data: IP address, device identifiers, browser type, cookies, log files.
  • Usage data: pages viewed, searches, items wishlisted, interaction events.

3. Why We Process It (Purpose) and on What Basis

  • Provide the service (contract): account creation, order processing, authentication, shipping, returns, dispute resolution.
  • Fraud prevention and security (legitimate interest and legal obligation): identity verification, transaction screening, abuse detection.
  • Customer support (contract / legitimate interest): responding to your messages.
  • Marketing (consent, or legitimate interest for existing customers where permitted): newsletter, recommendations. You can opt out at any time.
  • Legal and tax compliance (legal obligation): record-keeping, response to lawful requests, sanctions and AML screening.
  • Service improvement (legitimate interest): analytics, A/B testing, fixing bugs.

4. Who We Share Data With

We do not sell personal data. We share it only with the processors and recipients listed below, under written agreements:

  • Stripe, Inc. — payment processing, payouts and KYC for Sellers.
  • Supabase, Inc. — database, authentication and storage infrastructure.
  • Shipping carriers — to ship Products and provide tracking.
  • AfterShip — shipment tracking aggregation.
  • Authentication partners — where additional expert opinion is required for a Product.
  • Analytics providers — aggregated usage analytics.
  • Counsel, auditors and regulators — where legally required or to defend our rights.

5. International Transfers

Some of our processors are located outside your country of residence. Where personal data is transferred outside the EEA or the UK, we rely on the European Commission Standard Contractual Clauses or other valid transfer mechanisms.

6. Retention

  • Account data: for the life of the account.
  • Transaction records, authentication records, tax data: a minimum of seven (7) years from the transaction date, as required for accounting and fraud-prevention purposes.
  • Support correspondence: up to three (3) years after the last interaction.
  • Marketing data: until you opt out, and at most twenty-four (24) months of inactivity.
  • Server logs: typically thirty (30) days.

7. Your Rights

Subject to local law, you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion (subject to legal retention obligations above);
  • object to or restrict certain processing, including direct marketing;
  • receive your data in a portable format;
  • withdraw consent at any time (without effect on prior processing);
  • lodge a complaint with the competent supervisory authority.

California residents have additional rights under the CCPA, including the right to know what categories of personal data we collect, to whom they are disclosed, and the right to opt out of any “sale” or “sharing” of personal data as defined by the CCPA. We do not sell personal data.

To exercise any of these rights, contact privacy@lussorinnato.com. We will respond within the timeframes required by applicable law.

8. Cookies and Tracking

We use cookies and similar technologies. See our Cookie Policy for the categories used and how to manage them.

9. Security

We apply technical and organisational measures designed to protect personal data, including encryption in transit, role-based access controls, and isolation of payment data with Stripe. No method of transmission over the internet is fully secure; we cannot guarantee absolute security.

10. Children

The platform is not directed to children under 18 years of age. We do not knowingly collect personal data from minors. Please contact privacy@lussorinnato.com if you believe we have inadvertently collected data from a minor.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced on the platform or by email. The current effective date appears at the top of this page.

12. Contact

Privacy team: privacy@lussorinnato.com