MONALISA

Privacy Policy

Last updated: February 2026

This Privacy Policy describes how Monalisa collects, uses and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Italian data protection laws.

1. Data Controller

The data controller is Monalisa S.r.l., with registered office in Italy. For any questions regarding this policy or your data, contact us at privacy@monalisataste.com.

2. Data Collected

We collect: registration data (company name, VAT number, contact details), transaction data (orders, payments, shipping information), usage data (page visits, searches, preferences), communication data (messages between users, support requests), and technical data (IP address, browser type, device information).

3. Purpose of Processing

We process your data for: platform service provision and account management, order processing and transaction facilitation, compliance with legal and tax obligations, platform improvement and analytics, communication about services and updates, and fraud prevention and platform security.

4. Legal Basis

We process data based on: contractual necessity (service provision), legal obligation (tax and commercial law compliance), legitimate interest (platform improvement, fraud prevention), and consent (marketing communications, non-essential cookies).

5. Data Sharing

We may share data with: transaction counterparties (Buyer-Producer information necessary for order fulfillment), payment processors (for secure transaction processing), logistics partners (for shipping coordination), legal authorities (when required by law), and technical service providers (hosting, analytics) under appropriate data processing agreements.

6. Data Retention

We retain personal data for the duration of your account plus 10 years for tax and legal compliance purposes. Transaction records are kept for the legally required period. You may request deletion of non-essential data at any time.

7. Your Rights (GDPR)

Under GDPR, you have the right to: access your personal data, rectify inaccurate data, erase your data (right to be forgotten), restrict processing, data portability, object to processing, and withdraw consent. To exercise these rights, contact privacy@monalisataste.com. We will respond within 30 days.

8. International Transfers

Data may be transferred outside the EEA only with appropriate safeguards in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.