Privacy Policy

The data controller is Azmarino S.à.r.l., a private limited company registered in Luxembourg. You can reach our privacy team at privacy@azmarino.online for any questions about this policy or your data.

We only collect data we actually need to run the shop:

• Account data — name, email, phone, hashed password, optional shipping address.
• Order data — items you purchased, prices paid, delivery address, order status.
• Payment data — handled entirely by Stripe; we never see or store your card number.
• Device & usage data — IP address, browser/OS, pages visited, language preference. Used to keep the site fast and to spot abuse.
• Customer support messages — anything you send to our support email or chat.

• Contract performance (Art. 6(1)(b)) — fulfilling your order, account management, customer service.
• Legal obligation (Art. 6(1)(c)) — keeping invoices for tax and accounting (10 years in Luxembourg).
• Legitimate interest (Art. 6(1)(f)) — fraud prevention, site security, basic analytics.
• Consent (Art. 6(1)(a)) — marketing emails and non-essential cookies. You can withdraw consent at any time.

We never sell your data. We share it only with the processors that make the shop work:

• Stripe — card processing.
• Suppliers & couriers — name, address, phone for delivery only.
• Email infrastructure — to send order confirmations and reset emails.
• Cloud hosting (Railway, Netlify, MongoDB Atlas) — they store data on our behalf within the EU/EEA.

• Account data — for as long as your account is active, plus 30 days after deletion to handle disputes.
• Order & invoice data — 10 years (Luxembourg tax law).
• Marketing consent records — until you unsubscribe, plus 3 years for proof of consent.
• Server logs — 90 days, then automatically purged.

Under GDPR you can, at any time:

• Access — download a copy of all your data from Profile → Privacy → Export my data.
• Rectify — correct anything wrong via Profile → Edit.
• Erase — delete your account from Profile → Privacy → Delete account. Past orders are anonymised; we keep the invoice as the law requires.
• Restrict or object — email privacy@azmarino.online.
• Portability — the export is a machine-readable JSON file.
• Complain — to the Luxembourg supervisory authority CNPD: cnpd.public.lu.

Essential cookies (cart, login session, security) are always on — without them the site cannot function. Analytics and marketing cookies are off by default and only run if you accept them in the consent banner. See our Cookie Policy for the full list.

Azmarino is not directed at children under 16. We do not knowingly collect data from anyone under that age. If you believe a child has provided us data, contact us and we will delete it.

When we change this policy substantially we will notify you by email and ask you to re-confirm your acceptance on next sign-in. Minor edits (typos, clearer wording) are made silently with the “last updated” date above.