Privacy policy.
Last updated March 2026
1. Who We Are
This website is operated by Laurenzo Alexandra, trading as Aleksandra Laurenzo Atelier. We are the data controller for personal data collected through this website. Laurenzo Alexandra, Via Palazzulo, 36 50123 Firenze Italia
Contact: info@aleksandralaurenzo.com
Website: www.aleksandralaurenzo.com
This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable Italian data protection law.
2. What Data We Collect
Data you provide directly
Name and email address (when placing an order or contacting us)
Delivery address and phone number (for shipping purposes)
Payment information — processed by Stripe; we do not store card details
Order history and correspondence
Any preferences or specifications provided for custom orders
Data collected automatically
IP address and browser type
Pages visited and time spent on site
Cookie data (see Section 7 on Cookies)
This data is collected by Squarespace (our website platform) and used for site analytics and security.
3. Legal Basis for Processing
We only process your data when we have a lawful basis to do so:
Contract performance: to process and fulfil your order, arrange delivery, and handle any returns or queries
Legal obligation: to comply with tax, accounting, and consumer protection laws
Legitimate interests: to improve our website, detect fraud, and keep records of transactions
Consent: for marketing emails (where you have opted in)
4. How We Use Your Data
Process, fulfil, and communicate about your orders
Arrange shipping and handle returns
Respond to your enquiries
Send order and shipping confirmations
Comply with legal and tax obligations
Improve our website and understand how it is used
Send marketing emails — only with your explicit consent, and you may unsubscribe at any time
5. Third Parties
We share your data only with trusted third parties strictly necessary to operate our business:
Squarespace (Website & Hosting)
Our website is hosted on Squarespace. They process data on our behalf as a data processor. Squarespace may collect analytics and session data. See: https://www.squarespace.com/privacy
Stripe (Payment Processing)
Payments are processed by Stripe, Inc. Stripe is an independent data controller for payment data and operates under its own privacy policy. We never see or store your full card details. See: https://stripe.com/privacy
Shipping & Courier Partners
We share your name, address, and contact details with courier and postal services to fulfil deliveries.
Future Email Marketing
We may in future use a third-party email marketing tool (such as Mailchimp) to send newsletters or promotions. If and when this occurs, this policy will be updated to name the provider. We will only add you to a marketing list with your explicit consent.
We do not sell, rent, or trade your personal data with any third party for commercial purposes.
6. International Data Transfers
Some of our third-party providers (including Squarespace and Stripe) may store or process your data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as the EU Standard Contractual Clauses, to protect your data to the same standard required within the EU.
7. Cookies
Our website uses cookies — small text files placed on your device. We use the following types:
Strictly necessary cookies: essential for the website to function (e.g. session management, cart)
Analytics cookies: set by Squarespace to understand how visitors use the site — these are anonymised and aggregate in nature
We do not use advertising cookies, tracking pixels, or third-party social media cookies.
When you first visit the site, you will be shown a cookie banner asking for your consent to non-essential analytics cookies. You may withdraw consent at any time by clearing your cookies and declining on your next visit.
8. Data Retention
We retain your personal data only as long as necessary:
Order and transaction data: 10 years (required by Italian tax and accounting law)
Customer correspondence: 3 years from last contact
Marketing consent records: until you withdraw consent, plus 1 year
Website analytics: as per Squarespace's own retention policies
9. Your Rights Under GDPR
As a data subject, you have the following rights:
Right of access: request a copy of the personal data we hold about you
Right to rectification: request correction of inaccurate data
Right to erasure: request deletion of your data (subject to legal retention obligations)
Right to restriction: request that we limit how we use your data
Right to data portability: receive your data in a structured, machine-readable format
Right to object: object to processing based on legitimate interests
Right to withdraw consent: for any processing based on consent (e.g. marketing), you may withdraw at any time
To exercise any of these rights, please contact us at info@aleksandralaurenzo.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Italian data protection authority (Garante per la protezione dei dati personali): www.garanteprivacy.it
10. Data Security
We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or misuse. All payment data is handled exclusively by Stripe under PCI DSS compliance standards. Our website is served over HTTPS.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. If we make significant changes, we will notify you by email where possible.
12. Contact & Complaints
Data controller: Laurenzo Alexandra (trading as Aleksandra Laurenzo Atelier), Via Palazzuolo 36, 50123 Firenze Italia
Email: info@aleksandralaurenzo.com
Website: www.aleksandralaurenzo.com
Supervisory authority: Garante per la protezione dei dati personali — www.garanteprivacy.it