Privacy Policy for Da Nonna Lucia

Last updated: 12 April 2026

1. Introduction

Da Nonna Lucia (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store and protect your personal data when you:

• visit our website at https://danonnalucia.co.uk

• place an order

• submit an enquiry

• contact us by email, phone, form or social media

• subscribe to marketing communications

• interact with our website through cookies and similar technologies

We aim to process your personal data lawfully, fairly and transparently in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where relevant, the Privacy and Electronic Communications Regulations (PECR). 

2. Who We Are

Da Nonna Lucia is the data controller responsible for your personal data.

Contact details

Da Nonna Lucia

Email: [email protected]

Phone: +44 7344 574634

If you have any questions about this Privacy Policy or how we use your data, please contact us using the details above.

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide directly

• name

• email address

• phone number

• billing address

• delivery address

• order details

• enquiry details

• event or wholesale enquiry information

• messages you send to us

• marketing preferences

Payment information

We do not usually store your full payment card details ourselves. Payments may be processed by third-party payment providers.

Technical and website usage information

• IP address

• browser type and version

• device information

• pages visited

• date and time of visits

• referring website

• interactions with forms, pages, and website content

• cookie and tracking data

4. How We Collect Your Data

We collect personal data:

• when you fill in a form on our website

• when you place an order

• when you contact us by phone, email or social media

• when you sign up for updates or offers

• when you browse our website

• through cookies, analytics tools, and similar technologies

• through website and CRM platforms used to manage enquiries and customer communication, including systems such as Flottion where applicable

5. How We Use Your Personal Data

We may use your personal data to:

• provide products or services you request

• process and manage orders

• respond to enquiries

• communicate with you about your order, enquiry, or request

• manage bookings, event enquiries, or wholesale discussions

• send service-related messages

• improve our website, products, and customer experience

• monitor website performance and user behaviour

• send marketing emails or messages where we are allowed to do so

• maintain internal records and protect our business against fraud or misuse

6. Our Lawful Bases for Processing

Under UK data protection law, we must have a lawful basis for processing your personal data. Depending on the situation, we rely on one or more of the following:

• Contract. Where we need to process your data to fulfil an order or take steps at your request before entering into a contract.

• Consent. Where you have agreed to receive marketing communications or accepted non-essential cookies.

• Legitimate interests. Where it is reasonably necessary for us to run and improve our business, website, and customer service, provided your rights do not override those interests.

• Legal obligation. Where we must keep records or disclose information to comply with legal or regulatory duties.

ICO guidance says people should be told the lawful basis for how their data is used, and, where consent is relied on, they should also be told they can withdraw it. 

7. Marketing Communications

If you opt in, we may send you updates, offers, product news, or other marketing communications by email or other electronic means.

You can unsubscribe from marketing at any time by:

• clicking the unsubscribe link in an email, or

• contacting us directly

Individuals have the right to object to direct marketing at any time. 

8. Cookies and Similar Technologies

Our website may use cookies and similar technologies to:

• make the website work properly

• remember your preferences

• measure website traffic and performance

• understand how visitors use the site

• improve content and marketing performance

Some cookies are strictly necessary for the website to function. Others, such as analytics or marketing cookies, may require your consent depending on how they are used. ICO guidance states that organisations must explain what cookies do and why they are used, and must obtain consent for non-essential cookies. 

You can control cookies through:

• our cookie banner or consent tool, where available

• your browser settings

9. Who We Share Your Data With

We do not sell your personal data.

We may share your data with trusted third parties where necessary to run our business and website, such as:

• website hosting providers

• CRM and automation providers, including Flottion-based systems where relevant

• payment processors

• email marketing platforms

• analytics providers

• delivery or fulfilment partners

• professional advisers

• legal or regulatory authorities where required

We only share personal data where there is a legitimate reason to do so and expect service providers to handle it securely and lawfully.

10. International Transfers

Some of our service providers may store or process personal data outside the UK. Where this happens, we will take reasonable steps to ensure your data is protected through appropriate safeguards required by law, such as approved contractual protections. ICO guidance says privacy information should explain transfers and safeguards where relevant. 

11. How Long We Keep Your Data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to:

• fulfil orders and manage customer service

• comply with legal, tax, accounting or regulatory obligations

• resolve disputes

• maintain business records

If we do not have a fixed retention period for a particular type of data, we apply retention criteria based on the nature of the data, the purpose it was collected for, and any legal obligations that apply. ICO guidance says privacy notices should include retention periods or the criteria used to determine them. 

12. Data Security

We use reasonable technical and organisational measures to protect your personal data from unauthorised access, misuse, disclosure, loss, or alteration.

However, no method of transmitting or storing data online is completely secure, so we cannot guarantee absolute security.

13. Your Rights

Under UK GDPR, you may have the right to:

• access the personal data we hold about you

• request correction of inaccurate or incomplete data

• request deletion of your data in certain circumstances

• request restriction of processing

• object to processing in certain circumstances

• request transfer of your data where applicable

• withdraw consent where processing is based on consent

• complain to the Information Commissioner’s Office (ICO)

ICO guidance says privacy notices should tell individuals what rights they have and how they can complain. 

To exercise any of these rights, contact us at:

[email protected]

14. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. You should read their privacy policies separately.

15. Children’s Data

Our website and services are not intended for children under 16, and we do not knowingly collect personal data from children.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

17. Contact Us

If you have questions about this Privacy Policy or how your data is handled, contact:

Da Nonna Lucia

Email: [email protected]

Phone: +44 7344 574634