Cookie Preferences
Information on the use of cookies and similar tracking technologies, prepared pursuant to:
— EU Regulation 2016/679 (GDPR);
— Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (Privacy Code);
— Provision of the Italian Data Protection Authority no. 231 of June 10, 2021 ("Guidelines on cookies and other tracking tools");
— Directive 2002/58/EC (ePrivacy Directive).
Version in force since: 30/05/2026
PREMISE
This Cookie Policy describes the types, purposes, and methods of use of cookies and other tracking technologies used on the website www.naolulu.com (hereinafter "Site"), owned by NAOLULU, with registered office in Via Federico Caudana, 26100, Cremona (hereinafter "Data Controller" or "NAOLULU").
Users are invited to carefully read this information before continuing to browse the Site.
ARTICLE 1 — WHAT ARE COOKIES
1.1 Cookies are small text files that visited websites send to the User's device (computer, tablet, smartphone), where they are stored to be retransmitted to the same site on subsequent visits.
1.2 Cookies allow you to:
a) Perform computer authentications and manage the browsing session;
b) Store User preferences;
c) Improve the browsing experience;
d) Analyze the use of the Site in an aggregated form;
e) Deliver personalized advertising based on User interests.
1.3 In addition to cookies, there are other similar tracking technologies (pixels, web beacons, local storage, fingerprinting) that perform similar functions. In the remainder of this policy, the term "cookie" is used to indiscriminately indicate all tracking technologies used by the Site.
ARTICLE 2 — CLASSIFICATION OF COOKIES
2.1 ACCORDING TO DURATION, cookies are distinguished into:
a) SESSION COOKIES: are automatically deleted when the browser is closed. Used to ensure navigation and use of the Site;
b) PERSISTENT COOKIES: remain stored on the User's device for a predefined period (from a few minutes to several years), unless manually deleted by the User.
2.2 ACCORDING TO THE SUBJECT WHO INSTALLS THEM, cookies are distinguished into:
a) FIRST-PARTY COOKIES: installed directly by the Site Owner;
b) THIRD-PARTY COOKIES: installed by third parties (for example: Google, Meta, Klarna), who operate as independent data controllers or as data processors on behalf of the Data Controller.
2.3 ACCORDING TO PURPOSE, in accordance with the Italian Data Protection Authority's Provision no. 231/2021, cookies are distinguished into:
a) TECHNICAL COOKIES (do not require consent);
b) PROFILING COOKIES (require prior User consent).
ARTICLE 3 — TECHNICAL COOKIES
3.1 Technical cookies are used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service" (Article 122, paragraph 1 of the Privacy Code).
3.2 For the installation of these cookies, the User's prior consent is NOT required, but adequate information must be provided.
3.3 They are divided into:
a) NAVIGATION OR SESSION COOKIES
Necessary for the normal navigation and use of the Site (for example: shopping cart management, user authentication, session management).
b) FUNCTIONAL COOKIES
Allow the User to navigate based on a series of selected criteria (for example: language, recently viewed products, visual preferences) in order to improve the service provided.
c) ANALYTICAL COOKIES ASSIMILATED TO TECHNICAL ONES
Used to collect information in aggregated, anonymized form and with tools that reduce the identifying power of cookies (masking significant portions of the IP address), for statistical purposes on the use of the Site.
3.4 LIST OF TECHNICAL COOKIES USED:
| Cookie Name | Provider | Purpose | Duration |
|-------------|----------|----------|--------|
| _shopify_y | Shopify | Session and navigation | 1 year |
| _shopify_s | Shopify | User session | 30 minutes |
| _secure_session_id | Shopify | Secure authentication | Session |
| cart | Shopify | Cart management | 14 days |
| cart_currency | Shopify | Selected currency | 14 days |
| localization | Shopify | Language and region | 14 days |
| _shopify_country | Shopify | Localization | Session |
| keep_alive | Shopify | Session maintenance | 4 hours |
| _shopify_visit | Shopify | Aggregated statistics | 30 minutes |
ARTICLE 4 — PROFILING COOKIES
4.1 Profiling cookies are used to link specific actions or recurring behavioral patterns in the use of the offered functionalities (patterns) to determined and identified or identifiable subjects, in order to group different profiles into homogeneous clusters of varying size, so that it is possible, among other things, to modulate the provision of the service in an increasingly personalized way, as well as to send targeted advertising messages.
4.2 For the installation of these cookies, the User's prior consent is required, expressed freely, specifically, informed, unambiguously, and through a positive action (Article 7 GDPR).
4.3 They are divided into:
a) ANALYTICAL COOKIES NOT ASSIMILATED TO TECHNICAL ONES
Collect complete information on User behavior within the Site (pages visited, time spent, browsing paths) for statistical and optimization purposes.
b) MARKETING / ADVERTISING COOKIES
Used to display personalized advertising content within the Site or on other websites visited by the User, based on their presumed interests.
c) SOCIAL MEDIA COOKIES
Allow content sharing on social networks and allow social networks to collect information on User navigation.
4.4 LIST OF PROFILING COOKIES USED:
GOOGLE ANALYTICS
| Cookie Name | Provider | Purpose | Duration |
|-------------|----------|----------|--------|
| _ga | Google LLC | Unique user identification | 2 years |
| _ga_* | Google LLC | Session status | 2 years |
| _gid | Google LLC | User identification | 24 hours |
| _gat | Google LLC | Request limitation | 1 minute |
META PIXEL (FACEBOOK / INSTAGRAM)
| Cookie Name | Provider | Purpose | Duration |
|-------------|----------|----------|--------|
| _fbp | Meta Platforms Ireland | Conversion tracking | 90 days |
| fr | Meta Platforms Ireland | Personalized advertising | 90 days |
| tr | Meta Platforms Ireland | Pixel conversions | Session |
TIKTOK PIXEL
| Cookie Name | Provider | Purpose | Duration |
|-------------|----------|----------|--------|
| _ttp | TikTok Technology Limited | User tracking | 13 months |
| ttwid | TikTok Technology Limited | User identification | 1 year |
GOOGLE ADS
| Cookie Name | Provider | Purpose | Duration |
|-------------|----------|----------|--------|
| _gcl_au | Google LLC | Google Ads conversions | 90 days |
| IDE | Google LLC | Personalized advertising | 13 months |
ARTICLE 5 — THIRD-PARTY COOKIES
5.1 While browsing the Site, the User may receive cookies installed by different sites ("third-party" cookies) on their device. This occurs when the Site contains elements from such sites (for example: images, maps, sounds, specific links to web pages of other domains, social network plug-ins).
5.2 MAIN THIRD PARTIES THAT INSTALL COOKIES THROUGH THE SITE:
a) SHOPIFY INC.
E-commerce platform on which the Site is hosted.
Headquarters: 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada
Privacy Policy: https://www.shopify.com/legal/privacy
b) GOOGLE LLC
Analytics, advertising, and map services.
Headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Policy: https://policies.google.com/privacy
Opt-out: https://tools.google.com/dlpage/gaoptout
c) META PLATFORMS IRELAND LTD.
Facebook and Instagram tracking pixels.
Headquarters: 4 Grand Canal Square, Dublin 2, Ireland
Privacy Policy: https://www.facebook.com/policy.php
d) TIKTOK TECHNOLOGY LIMITED
TikTok tracking pixel (if active).
Headquarters: 10 Earlsfort Terrace, Dublin 2, Ireland
Privacy Policy: https://www.tiktok.com/legal/privacy-policy
e) KLARNA BANK AB
Installment payment service.
Headquarters: Sveavägen 46, 111 34 Stockholm, Sweden
Privacy Policy: https://www.klarna.com/it/privacy/
f) SCALAPAY ITALIA S.R.L.
Installment payment service.
Headquarters: Via Cesare Battisti 15, 20122 Milan, Italy
Privacy Policy: https://www.scalapay.com/it/privacy-policy
g) PAYPAL (EUROPE) S.À.R.L. ET CIE, S.C.A.
Payment service.
Headquarters: 22-24 Boulevard Royal, 2449 Luxembourg
Privacy Policy: https://www.paypal.com/it/legalhub/privacy-full
5.3 The Data Controller has no control over cookies installed by third parties, who act as independent data controllers. Users are invited to directly consult the privacy policies of the third parties listed above for more details on the processing carried out.
ARTICLE 6 — LEGAL BASIS FOR PROCESSING
6.1 The legal basis for processing personal data through cookies varies depending on the type of cookie used:
a) TECHNICAL AND ANALYTICAL COOKIES ASSIMILATED: legitimate interest of the Data Controller to provide the service requested by the User (Article 6, paragraph 1, letter f) GDPR);
b) PROFILING, NON-ASSIMILATED ANALYTICAL, MARKETING COOKIES: free, specific, informed, and unambiguous consent of the User (Article 6, paragraph 1, letter a) GDPR), expressed through the cookie banner on the Site.
6.2 Consent given can be revoked at any time, in the manner described in subsequent Article 8, without prejudice to the lawfulness of processing based on consent given before revocation.
ARTICLE 7 — TRANSFER OF DATA ABROAD
7.1 Some of the service providers that use cookies on the Site are based in non-EU countries, including the United States of America.
7.2 Transfers of data outside the EU take place in compliance with the guarantees provided by Chapter V of the GDPR, through:
a) Adequacy decisions of the European Commission (e.g., EU-U.S. Data Privacy Framework for the United States, effective from July 10, 2023);
b) Standard Contractual Clauses approved by the European Commission;
c) Supplementary technical and organizational security measures.
7.3 The User can request a copy of the guarantees applied for non-EU transfers by writing to privacy@naolulu.com.
ARTICLE 8 — CONSENT MANAGEMENT AND REVOCATION
8.1 Upon first access to the Site, the User sees a cookie banner containing:
a) Brief information on the use of cookies;
b) Link to this extended Cookie Policy;
c) "Accept all" button;
d) "Reject all" button;
e) "Customize preferences" or "Manage preferences" button.
8.2 The User can freely choose whether to give consent, refuse it, or customize their preferences by selectively accepting some categories of cookies.
8.3 Any continuation of navigation by closing the banner without interaction DOES NOT constitute an expression of consent. In this case, only technical cookies will be installed, and the banner will be proposed again on subsequent accesses.
8.4 The User can modify their preferences at any time by accessing the cookie management panel, reachable through the "Manage cookies" link in the footer of the Site.
8.5 Alternatively, the User can manage cookies directly from their browser settings, as indicated in subsequent Article 9.
ARTICLE 9 — DISABLING COOKIES FROM THE BROWSER
9.1 The User can configure their browser to accept, reject, or delete cookies. The instructions vary depending on the browser used:
GOOGLE CHROME
https://support.google.com/chrome/answer/95647
MOZILLA FIREFOX
https://support.mozilla.org/en-US/kb/Cookies
SAFARI (DESKTOP)
https://support.apple.com/guide/safari/sfri11471/mac
SAFARI (IOS)
https://support.apple.com/en-us/HT201265
MICROSOFT EDGE
https://support.microsoft.com/en-us/microsoft-edge
OPERA
https://help.opera.com/en/latest/web-preferences/
9.2 Disabling technical cookies may compromise the correct functioning of the Site, particularly regarding shopping cart management, the purchase process, and authentication.
9.3 For specific opt-out from third-party cookies, the User can also use the following tools:
— Your Online Choices: https://www.youronlinechoices.com/en/
— Network Advertising Initiative: https://optout.networkadvertising.org/
— Digital Advertising Alliance: https://optout.aboutads.info/
ARTICLE 10 — DATA SUBJECT'S RIGHTS
10.1 The User, as the data subject for the processing of personal data, can exercise the rights provided by Articles 15-22 of the GDPR at any time:
a) Right of access to their data (Art. 15);
b) Right to rectification of inaccurate data (Art. 16);
c) Right to erasure of data ("right to be forgotten") (Art. 17);
d) Right to restriction of processing (Art. 18);
e) Right to data portability (Art. 20);
f) Right to object to processing (Art. 21);
g) Right not to be subject to automated decision-making (Art. 22);
h) Right to withdraw consent given (Art. 7, paragraph 3).
10.2 To exercise these rights, the User can write to: naolululab@gmail.com
10.3 The User also has the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or another competent supervisory authority, if they believe that the processing of their personal data is in violation of current regulations.
ARTICLE 11 — DATA RETENTION
11.1 Data collected through cookies are stored for the period strictly necessary to achieve the purposes for which they were collected, and in any case, not beyond the terms indicated in the tables in Articles 3 and 4 of this Cookie Policy.
11.2 At the end of the retention period, the data are automatically deleted or irreversibly anonymized.
ARTICLE 12 — DATA CONTROLLER
12.1 The Data Controller for personal data collected through cookies is:
NAOLULU
Registered office: Via Federico Caudana, 26100, Cremona
VAT number: 01844450195
Email: naolululab@gmail.com
PEC: diana.design@pec.it
12.2 The Data Controller has not appointed a Data Protection Officer (DPO), as the conditions of mandatory appointment provided by Article 37 of the GDPR do not apply.
ARTICLE 13 — CHANGES TO THE COOKIE POLICY
13.1 The Data Controller reserves the right to modify this Cookie Policy at any time, due to:
a) Regulatory updates;
b) Introduction of new services or technologies on the Site;
c) Changes in the third-party providers used.
13.2 Changes will be published on the Site and will become effective from the moment of publication. The date of the last revision is indicated at the bottom of this document.
13.3 In case of substantial changes, the Data Controller will resubmit the cookie banner to the User for new consent acquisition.
ARTICLE 14 — CONTACTS
14.1 For any request related to this Cookie Policy or the use of cookies on the Site:
Email: naolululab@gmail.com
PEC: diana.design@pec.it
NAOLULU
VAT number 01844450195
Document updated on: 30/05/2026