Privacy policy

Privacy Policy

1. Data controller

The data controller is Natural Shoes S.R.L., registered office Via della Lungaretta 94/95, 00153 Rome (RM), Italy – VAT and Tax ID 11900051001 – REA RM-1335679.

Privacy contacts: email logistics@naturalshoes.it · PEC naturalshoes@legalmail.it · phone +39 347 2930424.

The Controller has not appointed a Data Protection Officer, as the conditions of obligation do not apply.

2. What data we process

Depending on how you interact with the site, we may process:

  • Personal and contact details: name, surname, email, phone, shipping and billing address.
  • Order data: products purchased, amounts, order history, any returns.
  • Payment data: managed directly by payment providers; the Controller does not store full card numbers.
  • Tax data: tax code/VAT number when needed for invoicing.
  • Account data: credentials and preferences, if you create an account.
  • Communications: content of support requests and reviews.
  • Navigation and cookie data: IP address, device, pages visited (details in the Cookie Policy).

3. Why we process data and on what legal basis

Purpose Legal basis (GDPR)
Manage and process orders, shipments, returns, refunds and purchase-related assistance Performance of contract – art. 6.1.b
Comply with legal obligations (invoicing, accounting, tax) Legal obligation – art. 6.1.c
Respond to contact requests and provide assistance Legitimate interest – art. 6.1.f
Fraud prevention and site security Legitimate interest – art. 6.1.f
Publish verified product reviews Legitimate interest – art. 6.1.f
Send newsletter and commercial communications Consent – art. 6.1.a

The Controller does not carry out profiling or automated decision-making.

4. Nature of provision

Providing data necessary to process the order and comply with legal obligations is mandatory: without it the purchase cannot be completed. Providing data for marketing purposes is optional: refusal does not affect the purchase.

5. Who we share data with (processors and recipients)

Data is processed by authorised personnel and may be communicated to third parties acting as data processors or independent controllers, exclusively for the purposes indicated:

  • Platform and hosting of the online store: Shopify Inc. (site, checkout, orders).
  • Management system / catalogue sync: Smarty (Echo Software).
  • Payment providers: Shopify Payments, PayPal, Klarna, Scalapay, banks, cash-on-delivery service provider.
  • Couriers and logistics: GLS, Poste Italiane, DHL, TNT, BRT (Bartolini).
  • Review management: Judge.me.
  • Email / newsletter tools: Shopify Email.
  • Consultants and service providers (accountant, legal/IT consultants) to the necessary extent.
  • Authorities when required by law.

6. Transfers outside the European Union

Some providers (in particular Shopify and Judge.me) may process data outside the European Economic Area. Such transfers take place in compliance with the GDPR, on the basis of adequacy decisions or Standard Contractual Clauses approved by the European Commission, with supplementary measures where necessary.

7. How long we keep the data

  • Order, invoicing and accounting data: for the time required by law, usually 10 years (art. 2220 Italian Civil Code and tax regulations).
  • Account data: as long as the account is active; in case of prolonged inactivity or deletion request, removed unless retention obligations apply.
  • Data for marketing purposes: until consent is withdrawn and in any case no longer than 24 months from the last contact.
  • Support/contact data: for the time necessary to handle the request and subsequent legal protection terms.
  • Navigation/cookie data: according to the durations indicated in the Cookie Policy.

8. Your rights

You can exercise the rights provided by articles 15-22 GDPR at any time: access to your data, rectification, erasure ("right to be forgotten"), restriction of processing, objection, data portability, and — where processing is based on consent — withdrawal of consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

To exercise them, write to logistics@naturalshoes.it or naturalshoes@legalmail.it. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante) (www.garanteprivacy.it).

9. Automated decision-making

The Controller does not adopt automated decision-making or profiling activities that produce legal or significant effects on the data subject.

10. Cookies

The site uses cookies and similar technologies. Details (categories, purposes, duration, third parties and consent management) are reported in the Cookie Policy. Consent to non-essential cookies is collected via the banner.

11. Changes to this notice

The Controller may update this notice to adapt it to regulatory or operational changes. The updated version is published on this page with the relevant date.

Last updated: June 2026