Privacy Policy
PRIVACY POLICY – LENZANO.COM
Effective Date: 17 February 2025
Last Updated: 17 February 2025
VendRock OÜ (“we”, “our”, or “us”), the operator of Lenzano.com, takes your privacy very seriously. This Privacy Policy outlines in detail how we collect, process, store, share, and protect your personal data when you interact with our online shop and related services. We are fully committed to complying with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Estonian Personal Data Protection Act, and all other applicable data protection regulations.
1. CONTROLLER OF DATA PROCESSING
Name: VendRock OÜ
Legal Form: Private Limited Company (OÜ)
Registration Number: 17178618
Registered Office: Ahtri tn 12, Kesklinna linnaosa, 15551 Tallinn, Estonia
Email: legal@lenzano.com
VendRock OÜ is the data controller responsible for the processing of your personal data via Lenzano.com.
2. PERSONAL DATA WE COLLECT
We may collect and process the following categories of personal data:
A. When You Visit Our Website:
IP address
Browser type and version
Operating system
Referrer URL
Date and time of access
Cookies and tracking technologies (see Section 8)
B. When You Create an Account or Place an Order:
Full name
Email address
Billing address
Shipping address
Phone number
Order history and purchase details
Payment information (processed via third-party payment providers)
C. When You Contact Customer Support:
Email address
Support request content
Attached files (if any)
Chat logs and correspondence
D. When You Subscribe to Our Newsletter:
Email address
Consent timestamp
Preferences and interaction logs
3. LEGAL BASIS FOR PROCESSING
We process your personal data on the following legal grounds under Art. 6 GDPR:
Art. 6(1)(a) – Consent (e.g., marketing, newsletter)
Art. 6(1)(b) – Contract performance (e.g., to fulfill orders)
Art. 6(1)(c) – Legal obligation (e.g., tax and accounting regulations)
Art. 6(1)(f) – Legitimate interests (e.g., fraud prevention, analytics)
4. PURPOSES OF PROCESSING
Your personal data is processed for the following purposes:
Order processing and product delivery
Customer support and communication
Account creation and management
Payment processing (via secure third-party providers)
Fraud prevention and security monitoring
Newsletter dispatch and promotional campaigns (only with consent)
Website performance, analytics, and improvement
Fulfillment of legal obligations (e.g., invoicing, archiving)
5. DATA RETENTION
We retain personal data only as long as necessary:
Data Category | Retention Period |
|---|---|
Order data (billing, shipping) | 7 years (legal obligation) |
Account data | Until user deletion |
Newsletter data | Until consent is withdrawn |
Contact/support messages | 3 years |
Cookie data | As defined in our Cookie Policy |
6. DATA SHARING & RECIPIENTS
We only share data with trusted partners and service providers necessary for our business operations:
A. Payment Processors
Stripe, PayPal, or similar – for secure payment transactions (data is never stored on our servers)
B. Logistics & Fulfillment Partners
Warehousing and shipping partners – for order dispatch
C. Hosting & Infrastructure
Cloud providers (e.g., AWS, Cloudflare) – for secure website hosting
D. Email & Marketing Tools
Mailchimp, Klaviyo or equivalent – to manage newsletters (with double opt-in and unsubscribe link)
E. Legal and Tax Advisors
As required for compliance with local laws and regulations
We never sell or rent your data to third parties.
7. INTERNATIONAL DATA TRANSFERS
We may transfer your data to third countries (e.g., the USA) only when:
The recipient is located in a country with an adequate level of protection as determined by the European Commission.
The transfer is subject to Standard Contractual Clauses (SCCs) or equivalent safeguards.
8. COOKIES & TRACKING TECHNOLOGIES
We use cookies to improve user experience, analyze traffic, and personalize content. Cookies may include:
Type | Purpose |
|---|---|
Strictly necessary | Shopping cart, login session |
Functional | User preferences |
Performance | Analytics (e.g., Google Analytics) |
Marketing | Retargeting (e.g., Meta Pixel, Google Ads) |
You can control cookie preferences via our [Cookie Banner] and browser settings. See our full Cookie Policy.
9. DATA SUBJECT RIGHTS
Under the GDPR, you have the following rights:
Right to access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure – “right to be forgotten” (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing (Art. 21 GDPR)
Right to withdraw consent at any time (Art. 7 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise your rights, contact:
legal@lenzano.com
Supervisory Authority:
Estonian Data Protection Inspectorate
Website: www.aki.ee
Address: Tatari 39, 10134 Tallinn, Estonia
10. CHILDREN’S DATA
Our services are not intended for individuals under the age of 16. We do not knowingly collect data from children. If we become aware of such data, we will delete it without delay.
11. AUTOMATED DECISION-MAKING / PROFILING
We do not use any personal data for automated decision-making or profiling that produces legal or similarly significant effects.
12. SECURITY MEASURES
We implement robust technical and organizational measures, including:
SSL/TLS encryption
Secure server infrastructure (ISO/IEC 27001 compliant)
Access control and role-based permissions
Data pseudonymization where possible
Regular backups and vulnerability assessments
13. CHANGES TO THIS PRIVACY POLICY
We reserve the right to amend this Privacy Policy at any time to comply with legal updates or operational changes. The latest version will always be available at:
If material changes are made, we will notify users via email or a prominent notice on the website.
VendRock OÜ
Data Controller for Lenzano.com
Ahtri tn 12, 15551 Tallinn, Estonia
legal@lenzano.com
Would you like me to generate the Cookie Policy or a Terms & Conditions document as well?
