Privacy and Cookie Policy

Last updated: November 2025

This Privacy and Cookie Policy describes how NEW NANÙ LTD collects, uses, and protects the personal data of users of www.nanubaby.com and www.nanubaby.it in accordance with EU Regulation 2016/679 (GDPR), the Italian Privacy Code (Legislative Decree 196/2003), and the UK Data Protection Act 2018.

1. Personal Data Collected

Data provided by the user

• Identification data: name, surname
• Contact information: email, telephone, shipping and billing address
• Payment data: processed through certified gateways (we do not store full card details)
• Purchase history: products, amounts, transaction dates
• Communications: content of emails, chats, or WhatsApp messages

Data collected automatically

• Browsing data: IP address, browser, operating system
• Behavioral data: pages visited, time spent, navigation path
• Device data: unique identifier, language, time zone
• Source data: reference source (Google, Facebook, direct link)

Data from third parties

We receive information from payment platforms (PayPal, Stripe, Shopify Payments), shipping services, advertising platforms (Google Ads, Meta Ads), and social media to confirm transactions and optimize services.

2. Purpose and Legal Basis of the Processing

3. Data Retention

Data Type	Retention Period
Contractual data (orders, invoices)	10 years (tax obligations)
Marketing data with consent	Until revoked or 24 months of inactivity
Analytical cookies	Up to 26 months
Marketing cookies	Until consent is revoked
Support communications	5 years since closing

4. Data Security

We implement technical and organizational measures to protect personal data:

• SSL/TLS encryption for all communications
• PCI-DSS Compliance for Payments
• Firewalls and intrusion detection systems
• Access limited to authorized personnel
• Regular backups and periodic audits

5. Data Sharing

We do not sell or rent your data. We only share data with trusted vendors for specific purposes:

• Shopify Inc. (Canada/USA) - e-commerce platform, hosting
• Google LLC (USA) - Analytics, Ads, Gmail
• Meta Platforms Inc. (USA) - Meta Pixel, Facebook/Instagram Ads
• PayPal Europe (Luxembourg) - payment processing
• Express couriers - shipment management

Transfers outside the EU

Some providers transfer data to countries outside the EU. We ensure GDPR compliance through Standard Contractual Clauses (SCCs), adequacy decisions, and additional safeguards such as encryption and pseudonymization.

6. Cookies and Tracking Technologies

The site uses cookies to improve user experience, analyze traffic, and display personalized ads.

Types of Cookies

Typology	Description	Duration	Consent
Technical/Necessary	Essential for operation (shopping cart, login, checkout)	Session / 1 year	No (always active)
Analytics	Anonymous statistics (Google Analytics)	26 months	Yes (optional)
Marketing	Personalized advertising (Google Ads, Meta Pixel)	30-180 days	Yes (optional)
Third Parties	External services (YouTube, social media)	Variable	Yes (optional)

Specific Cookies Used

Shopify Technical Cookies

Name	Purpose	Duration
_shopify_visit	User session tracking	30 minutes
cart	Cart storage	14 days
_secure_session_id	Authentication and security	Session

Google Analytics (Consent Required)

Name	Purpose	Duration
_ga	Unique user distinction	2 years
_gid	User distinction	24 hours

Google Ads (Consent Required)

Name	Purpose	Duration
_gcl_au	Conversion Tracking	90 days

Meta Pixel (Consent Required)

Name	Purpose	Duration
_fbp	Tracking visits and conversions	90 days
_fbc	Facebook Click Parameters	90 days

Google Consent Mode V2

The site implements Google Consent Mode V2, which adapts the behavior of Google tags based on your cookie consent choices, ensuring compliance with privacy regulations.

Cookie Management

Via banner: Upon first access, you can choose which cookies to accept. Change your preferences using the "Cookie Settings" link in the footer.

Via browser:

• Chrome: Settings → Privacy and security → Cookies
• Firefox: Options → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Manage Website Data
• Edge: Settings → Cookies and permissions

Opt-out:

• Google Analytics: Browser Add-on
• Google Ads: Ad Settings
• Facebook: Ad Preferences

7. Your Rights

In accordance with the GDPR, you have the following rights:

• Access (Art. 15): obtain confirmation of processing and a copy of your data
• Rectification (Art. 16): correct inaccurate or incomplete data
• Erasure (Art. 17): request erasure of data when no longer necessary
• Restriction (Art. 18): limit processing in specific circumstances
• Portability (Art. 20): receiving data in a structured format
• Objection (Art. 21): object to processing for legitimate interest or marketing
• Revoke consent: withdraw your consent at any time
• Complaint: lodge a complaint with the supervisory authority

Supervisory Authority

• Italy: Italian Data Protection Authority - www.garanteprivacy.it
• United Kingdom: Information Commissioner's Office (ICO) - www.ico.org.uk

Exercise of Rights

To exercise your rights, contact us at:

• Email: newnanultd@gmail.com (subject: "Privacy Request")
• WhatsApp: +39 377 373 5384
• Post: NEW NANÙ LTD, 185 Old Brompton Road, Flat 9, London SW5 0AN, UK

We will respond within 30 days. We may request identification to verify your identity.

8. Privacy of Minors

We do not knowingly collect data from children under 16 without parental consent. If we learn that we have collected data from minors, we will immediately delete it.

9. Changes to the Policy

We reserve the right to update this Privacy Policy. The updated version will be published with a new date. We will notify you of any material changes via email or a notice on the website.

10. Links to Third Party Sites

The site may contain links to third-party sites. We are not responsible for their privacy practices. This policy applies exclusively to www.nanubaby.com and www.nanubaby.it.

11. Contacts

For questions or requests regarding privacy: